Document Information
Preface
Part I Security Overview
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
11. Privileges (Tasks)
12. Privileges (Reference)
Part IV Solaris Cryptographic Services
13. Solaris Cryptographic Framework (Overview)
Solaris Cryptographic Framework
Terminology in the Solaris Cryptographic Framework
Administrative Commands in the Solaris Cryptographic Framework
User-Level Commands in the Solaris Cryptographic Framework
Plugins to the Solaris Cryptographic Framework
Cryptographic Services and Zones
14. Solaris Cryptographic Framework (Tasks)
15. Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
17. Using PAM
18. Using SASL
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
Part VI Kerberos Service
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Solaris Auditing
28. Solaris Auditing (Overview)
29. Planning for Solaris Auditing
30. Managing Solaris Auditing (Tasks)
31. Solaris Auditing (Reference)
Glossary
Index
|
Scope of the Solaris Cryptographic Framework
The framework provides commands for administrators, for users, and for developers who supply
providers:
Administrative commands – The cryptoadm command provides a list subcommand to list the available providers and their capabilities. Ordinary users can run the cryptoadm list and the cryptoadm --help commands. All other cryptoadm subcommands require you to assume a role that includes the Crypto Management rights profile, or to become superuser. Subcommands such as disable, install, and uninstall are available for administering the framework. For more information, see the cryptoadm(1M) man page. The svcadm command is used to manage the kcfd daemon, and to refresh cryptographic policy in the kernel. For more information, see the svcadm(1M) man page. User-level commands – The digest and mac commands provide file integrity services. The encrypt and decrypt commands protect files from eavesdropping. To use these commands, see Protecting Files With the Solaris Cryptographic Framework (Task Map). Binary signatures for third-party providers – The elfsign command enables third parties to sign binaries for use within the framework. Binaries that can be added to the framework are PKCS #11 libraries, kernel algorithm modules, and hardware device drivers. To use the elfsign command, see Appendix F, Packaging and Signing Cryptographic Providers, in Solaris Security for Developers Guide.
|
