System Administration Guide: Security Services
Previous Next

Document Information

Preface

Part I Security Overview

1.  Security Services (Overview)

Part II System, File, and Device Security

2.  Managing Machine Security (Overview)

3.  Controlling Access to Systems (Tasks)

4.  Virus Scanning Service (Tasks)

5.  Controlling Access to Devices (Tasks)

6.  Using the Basic Audit Reporting Tool (Tasks)

7.  Controlling Access to Files (Tasks)

Part III Roles, Rights Profiles, and Privileges

8.  Using Roles and Privileges (Overview)

9.  Using Role-Based Access Control (Tasks)

10.  Role-Based Access Control (Reference)

11.  Privileges (Tasks)

12.  Privileges (Reference)

Part IV Solaris Cryptographic Services

13.  Solaris Cryptographic Framework (Overview)

Solaris Cryptographic Framework

Terminology in the Solaris Cryptographic Framework

Scope of the Solaris Cryptographic Framework

Administrative Commands in the Solaris Cryptographic Framework

User-Level Commands in the Solaris Cryptographic Framework

Plugins to the Solaris Cryptographic Framework

Cryptographic Services and Zones

14.  Solaris Cryptographic Framework (Tasks)

15.  Solaris Key Management Framework

Part V Authentication Services and Secure Communication

16.  Using Authentication Services (Tasks)

17.  Using PAM

18.  Using SASL

19.  Using Solaris Secure Shell (Tasks)

20.  Solaris Secure Shell (Reference)

Part VI Kerberos Service

21.  Introduction to the Kerberos Service

22.  Planning for the Kerberos Service

23.  Configuring the Kerberos Service (Tasks)

24.  Kerberos Error Messages and Troubleshooting

25.  Administering Kerberos Principals and Policies (Tasks)

26.  Using Kerberos Applications (Tasks)

27.  The Kerberos Service (Reference)

Part VII Solaris Auditing

28.  Solaris Auditing (Overview)

29.  Planning for Solaris Auditing

30.  Managing Solaris Auditing (Tasks)

31.  Solaris Auditing (Reference)

Glossary

Index

Solaris Cryptographic Framework

The Solaris Cryptographic Framework provides a common store of algorithms and PKCS #11 libraries to handle cryptographic requirements. The PKCS #11 libraries are implemented according to the following standard: RSA Security Inc. PKCS #11 Cryptographic Token Interface (Cryptoki).

At the kernel level, the framework currently handles cryptographic requirements for Kerberos and IPsec. User-level consumers include libsasl and IKE.

Export law in the United States requires that the use of open cryptographic interfaces be restricted. The Solaris Cryptographic Framework satisfies the current law by requiring that kernel cryptographic providers and PKCS #11 cryptographic providers be signed. For further discussion, see Binary Signatures for Third-Party Software.

The framework enables providers of cryptographic services to have their services used by many consumers in the Solaris Operating System. Another name for providers is plugins. The framework allows three types of plugins:

  • User-level plugins – Shared objects that provide services by using PKCS #11 libraries, such as pkcs11_softtoken.so.1.

  • Kernel-level plugins – Kernel modules that provide implementations of cryptographic algorithms in software, such as AES.

    Many of the algorithms in the framework are optimized for x86 with the SSE2 instruction set and for SPARC hardware.

  • Hardware plugins – Device drivers and their associated hardware accelerators. A hardware accelerator offloads expensive cryptographic functions from the operating system. The Sun Crypto Accelerator 1000 board is one example.

The framework implements a standard interface, the PKCS #11, v2.11 library, for user-level providers. The library can be used by third-party applications to reach providers. Third parties can also add signed libraries, signed kernel algorithm modules, and signed device drivers to the framework. These plugins are added when the pkgadd utility installs the third-party software. For a diagram of the major components of the framework, see Chapter 8, Introduction to the Solaris Cryptographic Framework, in Solaris Security for Developers Guide.
Previous Next