The previous sfpDB blueprint has now been updated to Solaris 10. It adds the ability to check the signatures of now signed ELF binary objects ( man elfsign ), the use of the digest command instead of the (downloaded) md5 command, and few words about BART, the Basic Audit & Reporting Tool, whose integration with the sfpDB is described in another blueprint document.
Another great LDAP-related blueprint document by Michael Haines. Moving away from NIS and welcoming LDAP without being too scared thanks to NIS-2-LDAP technique.
More pages, more examples & covers S10U1.
A new blueprint document from Glenn Brunette of Sun that describes a number of ways to find out which privilege is required to run a certain application as user “whatever”. Besides the known option of the ppriv command, the privdebug perl script uses DTrace to provide easy observation.
The author then uses privdebug to find out how to build the list of required privileges to start Apache as user “whatever”, be it in the Global zone or in non-global zones. A good document to learn about privileges.
View the document
The privdebug script at OpenSolaris
A easy-to-understand Howto found in OpenSolaris that describes how to implement privilege bracketing when developing privilege-aware software. The action of granting your process the privileges that it needs only when and for the exact duration it needs it.
T: OpenSolaris, privilegesSolaris 10 provides several new features & improvements over previous releases in the Kerberos area. This document focuses on the new encryption mechanisms that can be used. Welcome 3DES, RC4 & AES!
Technorati tag : kerberos
Probably better-looking than the previous presentation. 40 pages nicely structured. Written in part by Darren Moffat.
A hole is now filled. SMF & RBAC authorizations article was written because of the lack of official documentation around the topic. It was released as an extra exercise for interested people. This blueprint has the additional objective of defining each authorization related to SMF. Together with the typical Apache2 exercise, it gives valuable hints as how to delegate the administration of services to some of your users / co-admins.