System Administration Guide: Security Services

P

packet transfers

firewall security

packet smashing

PAM

add a module

configuration file

control flags

/etc/syslog.conf file

module types

modules

overview

password mapping

planning

SEAM and

service names

stacking

try_first_pass

pam_*.so.1 files

description

pam.conf file

description

SEAM and

pam_roles command

description

panels, table of SEAM Administration Tool

passphrase

example

passwd command

and kpasswd command

try_first_pass

passwd file

ASET checks

/etc/d_passwd file and

passwd service name

PAM

password mapping

in PAM

PasswordAuthentication keyword

sshd_config file

passwords

and policies

capturing encrypted passwords

changing with kpasswd command

changing with passwd command

dial-up passwords

disabling dial-up logins temporarily

/etc/d_passwd file

/etc/dialups file

displaying users with no passwords

eeprom security

eliminating in Secure Shell use

management

modifying a principal's password

secret-key decryption

Secure Shell

suggestions on choosing

system logins

UNIX and Kerberos

path audit policy

description

path token

path variable

setting

pc audit flag

PERIODIC_SCHEDULE variable (ASET)

scheduling ASET

permissions

ACLs and

ASET handling of

changing file permissions

absolute mode

chmod command

symbolic mode

defaults

directory permissions

file permissions

absolute mode

changing

description

special permissions

symbolic mode

setgid permissions

absolute mode

description

symbolic mode

setuid permissions

absolute mode

description

finding files with permissions set

security risks

symbolic mode

special file permissions

sticky bit

tune files (ASET)

umask settings

user classes and

PermitEmptyPasswords keyword

sshd_config file

PermitRootLogin keyword

sshd_config file

pfcsh command

description

pfexec command

description

pfksh command

description

pfsh command

description

physical security

planning

PAM

RBAC

SEAM

client and service principal names

clock synchronization

configuration decisions

database propagation

number of realms

ports

realm hierarchy

realm names

realms

slave KDCs

pluggable authentication module

See PAM

plus (+) audit flag prefix

plus sign (+)

file permissions symbol

policies

administering

and passwords

auditconfig options

creating (SEAM

creating new (SEAM)

deleting

modifying

SEAM Administration Tool panels for

task map for administering

viewing attributes

viewing list of

policy.conf database

Basic Solaris User rights profile

description

RBAC relationships

port

for KDC and admin services

KDC administration daemon

port forwarding

configuring ssh_config

Secure Shell

Port keyword

sshd_config file

postdatable ticket

definition

postdated ticket

description

postsigterm string

audit_warn script

pound sign (#)

device_allocate file

device_maps file

ppp service name

PAM

praudit command

converting audit records to readable format

output formats

piping auditreduce output to

using

prefixes in audit flags

preselection mask

auditconfig command options

description

machine-wide

preselection mask (BSM)

reducing storage costs

primary

in principals names

Primary Administrator

rights profile

role

primary audit directory

principal

adding administration

adding service principal to keytab

administering

automating creation of

creating host

creating root

deleting

duplicating

in SEAM

modifying

principal name

removing from keytab file

removing service principal from keytab

root

SEAM Administration Tool panels for

service principal

setting up defaults

task map for administering

user ID comparison

user principal

viewing attributes

viewing list of

viewing sublist of principals

principal.db file

description

principal.kadm5 file

description

principal.kadm5.lock file

description

principal.ok file

description

principals

creating

print format field

arbitrary token

Printer Management rights profile

description

printing

audit log

privacy

SEAM and

security service

private key

definition in SEAM

description

naming convention

privilege

effects on SEAM Administration Tool

privileged application

authorization checking

description

ID checking

process audit characteristics

audit ID

audit session ID

process preselection mask

terminal ID

process audit class

process preselection mask

auditconfig command options

description

process token

format

processing time costs

BSM and

prof_attr database

description

RBAC relationships

profile

See rights profile

.profile file

path variable entry

profile shell

description

profiles command

description

program

testing for authorizations

projects module

description

propagation

KDC database

Kerberos database

propagation file

adding entries to

Protocol keyword

sshd_config file

proxiable ticket

definition

proxy ticket

definition

ProxyCommand keyword

ssh_config file

pseudo-tty

use in Secure Shell

public directories

public key

description

DH authentication and

known hosts file

naming convention

Secure Shell

public-key cryptography

AUTH_DH client-server session

changing public and secret keys

common key

calculation

database of public keys

generating keys

conversation key

public and secret keys

secret key

changing

database

decrypting

generating

publickey map

DH authentication and

put subcommand

sftp command


	P packet transfers firewall security , packet smashing , PAM add a module , configuration file , , , control flags , `/etc/syslog.conf` file , module types , modules , overview , password mapping , planning , SEAM and , , , service names , stacking , `try_first_pass` , `pam_.so.1` files description , `pam.conf` file description , SEAM and , `pam_roles` command description , panels, table of SEAM Administration Tool , passphrase example , `passwd` command and `kpasswd` command , `try_first_pass` , `passwd` file ASET checks , `/etc/d_passwd` file and , `passwd` service name PAM , password mapping in PAM , `PasswordAuthentication` keyword `sshd_config` file , passwords and policies , capturing encrypted passwords , changing with `kpasswd` command , changing with `passwd` command , dial-up passwords disabling dial-up logins temporarily , `/etc/d_passwd` file , , , `/etc/dialups` file , displaying users with no passwords , eeprom security , eliminating in Secure Shell use , , login security , , , , management , modifying a principal's password , secret-key decryption , Secure Shell , suggestions on choosing , system logins , , UNIX and Kerberos , `path` audit policy description , `path` token , path variable setting , `pc` audit flag , `PERIODIC_SCHEDULE` variable (ASET) scheduling ASET , , , , permissions ACLs and , , ASET handling of , , changing file permissions absolute mode , , `chmod` command , symbolic mode , , , , defaults , directory permissions , file permissions absolute mode , , changing , , description , special permissions , , , symbolic mode , , , , `setgid` permissions absolute mode , , description , , symbolic mode , `setuid` permissions absolute mode , , description , finding files with permissions set , , security risks , symbolic mode , special file permissions , , , sticky bit , tune files (ASET) , , , , `umask` settings , user classes and , `PermitEmptyPasswords` keyword `sshd_config` file , `PermitRootLogin` keyword `sshd_config` file , `pfcsh` command description , `pfexec` command description , `pfksh` command description , `pfsh` command description , physical security , planning PAM , RBAC , SEAM client and service principal names , clock synchronization , configuration decisions , database propagation , number of realms , ports , realm hierarchy , realm names , realms , slave KDCs , pluggable authentication module See* PAM plus (+) audit flag prefix , , plus sign (+) file permissions symbol , policies administering , , and passwords , auditconfig options , creating (SEAM , creating new (SEAM) , deleting , modifying , SEAM Administration Tool panels for , task map for administering , viewing attributes , viewing list of , `policy.conf` database Basic Solaris User rights profile , description , , RBAC relationships , port for KDC and admin services , KDC administration daemon , port forwarding configuring `ssh_config` , Secure Shell , , , `Port` keyword `sshd_config` file , postdatable ticket definition , postdated ticket description , postsigterm string `audit_warn` script , pound sign (#) `device_allocate` file , `device_maps` file , `ppp` service name PAM , `praudit` command converting audit records to readable format , , output formats , , piping `auditreduce` output to , using , , prefixes in audit flags , , preselection mask `auditconfig` command options , description , machine-wide , preselection mask (BSM) reducing storage costs , primary in principals names , Primary Administrator rights profile , , , role , primary audit directory , principal adding administration , adding service principal to keytab , , administering , , automating creation of , creating host , creating root , , deleting , duplicating , in SEAM , modifying , principal name , removing from keytab file , removing service principal from keytab , root , SEAM Administration Tool panels for , service principal , setting up defaults , task map for administering , user ID comparison , user principal , viewing attributes , viewing list of , viewing sublist of principals , `principal.db` file description , `principal.kadm5` file description , `principal.kadm5.lock` file description , `principal.ok` file description , principals creating , print format field `arbitrary` token , Printer Management rights profile description , , printing audit log , privacy SEAM and , security service , private key , definition in SEAM , description , naming convention , privilege , effects on SEAM Administration Tool , privileged application authorization checking , description , ID checking , process audit characteristics audit ID , audit session ID , process preselection mask , terminal ID , `process` audit class , process preselection mask `auditconfig` command options , description , `process` token format , processing time costs BSM and , `prof_attr` database description , , RBAC relationships , profile See rights profile `.profile` file path variable entry , profile shell description , `profiles` command description , program testing for authorizations , `projects` module description , propagation KDC database , Kerberos database , propagation file adding entries to , `Protocol` keyword `sshd_config` file , proxiable ticket definition , proxy ticket definition , `ProxyCommand` keyword `ssh_config` file , pseudo-tty use in Secure Shell , public directories , public key description , DH authentication and , known hosts file , naming convention , Secure Shell , public-key cryptography AUTH_DH client-server session , , changing public and secret keys , common key calculation , database of public keys , generating keys conversation key , public and secret keys , secret key changing , database , decrypting , generating , publickey map DH authentication and , `put` subcommand `sftp` command , ,