 |
 |
|
| Home > | Next > |
| | | | | ||||||||||||||||||||||||||||
|
|
|
Fast Track to the Solaris 10 OS Adoption: SecurityCompatibility IssuesPlease click on a question below or download a pdf version.
Q: Will all applications running in the Solaris 9 OS run in the Solaris 10 OS? A: Yes, all Solaris 9 OS applications will definitely work on the Solaris 10 OS. Q: Will the Solaris 10 OS interface with SiteMinder with respect to SSO and entitlements? A: While I do not have a specific status of support for SiteMinder on the Solaris 10 OS, in general we expect all applications that run on the Solaris 9 OS to continue to run on the Solaris 10 OS. Regarding Native LDAP authentication, there are some restrictions about password history, account lockout and syntax checking because there is no standard for how to store this data in LDAP. SiteMinder has its own solution to this problem. Q: Will the Solaris 10 OS AMD64 support noexec_user_stack? A: Yes, this has been added. Q: Can we migrate to the Solaris 10 OS from anything older than Solaris 8 or 9 OS? A: Yes, you can migrate to the Solaris 10 OS from Solaris 9, 8, 7, 6 or 2.5.1 OS. We even guarantee binary compatibility, as long as you follow the General UNIX development guidelines. Q: Is the Solaris 10 OS IP Filter backward compatible to previous versions? A: Generally speaking, you can't use a package from a forward release on an earlier release - at the very least, it would not be supported by Sun. IP Filter is available outside of Sun for earlier Solaris releases. A: The GNU tools have been available on the Companion CD since the Solaris 8 OS, and we'll continue to do that with the Solaris 10 OS. Q: Does the Solaris 10 OS support IPv6? A: Sun was one of the first vendors to support IPv6. It has been supported since Solaris 8 FCS. Support for IPv6 will continue in the Solaris 10 OS. Q: What is the supported hardware for the Solaris 10 OS? A: The Solaris 10 OS will work on SPARC, SPARC 64 (Fujitsu), AMD Opteron, Athlon, and Xeon processor-based servers and workstations, including the Sun Java workstations W1100z/W2100z, Sun Fire V20z/V40z servers, Sun Fire V60x/V65x servers, the Sun Fire B100x/B200x blade servers, and more than 250 non-Sun x86 hardware. Please check out the BigAdmin site for the latest details. Q: Will Solaris OS security "play nice" with open-source products such as open-ssl, zlib, PGP? A: Yes, in fact almost all of those have been or will be included with the Solaris 10 OS. I know zlib has been in since version 8. A: Yes, privileges are inherited, so they can be set outside of an existing application without changing the app itself. You can use the ppriv command (or, maybe even better, DTrace or truss) to determine what privileges an existing app needs. Check out docs.sun.com for more information on ppriv in the Solaris 10 OS. A: Actually, OpenLDAP and Native LDAP are compatible with the Solaris 8 OS (with patch 108993-xx), as well as versions 9 and 10. However, since there is no IETF standard for things like password history, account lockout, and syntax checking, these capabilities currently only work in conjunction with the Sun Java Enterprise Server Directory Server. We are investigating possibly extending this to utilize the OpenLDAP method in the future. A: No, they are different, in that the one in the Solaris 10 OS is based on OpenSSH (OpenSSL will be there as well), while in Solaris 9 OS, we didn't provide SSL. It came as part of the applications layer. A: Yes, and it's fully compatible today in the Solaris 9 OS, with the exception of PKI and key rotation. Key rotation is added in the Solaris 10 OS. Q: I am new to the Solaris 10 OS, Will I be able to install and execute Oracle? A: Yes, you can install and execute Oracle. Q: What authentication will be supported? LDAP? A: SSL & Kerberos in addition to others, in the Solaris 9 OS. Q: Will the Solaris 10 OS integrate seamlessly with an AD domain? A: The Solaris 10 OS offers additional levels of integration with Active Directory above what we already offer in the Solaris 8 and 9 Operating Systems. For the Solaris 10 OS, we offer Kerberos authentication for LDAP transactions for "Native LDAP authentication." Additionally, SAMBA 3.0 is included, which allows for better client/server file sharing with Active Directory-based systems. There are several other enhancements for interoperability that we are investigating and developing right now. Our agreement with Microsoft will definitely affect our offerings for the near future. Q: Will the SUNWjass package be updated to work with the Solaris 10 OS? A: Yes, the Solaris Security Toolkit team is working on an update to take advantage of the many new security features in the Solaris 10 OS.
| |
