Sun Microsystems, Inc.
Fast Track to the Solaris 10 OS Adoption: Security

Installation & Configuration

Q: Is it difficult to implement Kerberos on the Solaris OS after the fact, across multiple Solaris OS versions (2.6.8, 9)? I didn't build any Solaris servers with Kerberos, but now I'm being asked to integrate an SSO solution for Sun, AIX, Oracle, and Sybase with Windows AD.

A: In the Solaris 10 OS, you have a tool for configuring it; for the Solaris 9 OS and before, you'll have to do it in the traditional way. Please refer to http://docs.sun.com/ for more information on how to install/configure Kerberos.


Q: Will the Solaris 10 OS have a "secure" installation option? It's always a pain installing one of the canned Solaris 9 OS bundles (OEM, OEM+, Workstation, etc.) and then having to tweak the install with pkgadd/pkgrm, JASS, etc. I've been hoping for a canned "secure host" install bundle option.

A: We're working on a "secure at install" profile that can be enabled via the new Service Management Facility; this is planned to be delivered in a Solaris 10 OS update.


Q: I have seen some indication of a minimum install collection and some other minimalist install collections. Do you have any idea as to the availability of these collections in relation to the FCS?

A: Yes, we're now offering a new "metacluster" (install time option) called "Reduced Networking," which, when selected, installs the minimal amount of software required to boot the machine and obtain console access to start the process of personalization (and adding software). This is a paradigm change for creating minimized systems on the Solaris OS since you now add software instead of removing it (adding is much easier since it avoids dependency issues).


Q: Many of our admins for the Solaris OS are coming from the NT admin world. How has ease of manageability for configuring security options been addressed in the Solaris 10 OS?

A: The Solaris Management Console is probably most similar to the experience that Windows admins are used to, and it has been enhanced in the Solaris 10 OS. Also, there is a new Web interface for administration that controls other aspects of security/system admin. For organizations that use our Identity Management product set, administration of user life cycle is actually easier than on the native OS and takes place across multiple platforms simultaneously.


Q: We spend a lot of time "paring down" the standard Solaris OE installation every time a new version comes out. We remove quite a few packages to make the general purpose OS specific to our needs. I plan to use this technique when building zones as well. I'm wondering if the "core" install cluster will change any (not package names but functionality). Will it be any smaller, is X installed, etc.?

A: The Solaris 10 OS has a new "reduced networking" metacluster that's designed to do exactly what you're doing. It doesn't include X - at 120 MB, it doesn't include a "lot" of things. :-)


Q: Will the Solaris 10 OS offer a UI to configure a PAM module that doesn't require programming? Are there existing pre-built PAM modules that can be configured w/o programming?

A: Starting with the Solaris 9 OS (and with Solaris 8 Patch 108993-xx), the PAM modules are much smaller in functionality set. Hence, there are some new additional features that you "configure" simply by changing parameters in /etc/pam.conf. In the Solaris 10 OS, we have added PAM configuration parameters for things such as password syntax checking, account lockout and password history. There are a variety of third-party and open source PAM modules that you can either port or run directly on versions 8, 9, and 10.
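
As an added illustration of the single-purpose modules and /etc/pam.conf entries mentioned in the answer above (not Sun's code and not part of the original FAQ), this Python script parses text in /etc/pam.conf layout, resolves the stack a service actually gets (falling back to the `other` entries), and lists modules outside a reviewed baseline. The sample file is constructed, and `pam_example.so.1`, `REVIEWED` and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample in /etc/pam.conf layout:
# service  module_type  control_flag  module_path  [options]
SAMPLE_PAM_CONF = """\
login  auth      requisite   pam_authtok_get.so.1
login  auth      required    pam_dhkeys.so.1
login  auth      required    pam_unix_cred.so.1
login  auth      required    pam_unix_auth.so.1
other  auth      requisite   pam_authtok_get.so.1
other  auth      required    pam_unix_auth.so.1
other  account   requisite   pam_roles.so.1
other  account   required    pam_unix_account.so.1
other  password  required    pam_dhkeys.so.1
other  password  requisite   pam_authtok_get.so.1
other  password  requisite   pam_authtok_check.so.1
other  password  required    pam_authtok_store.so.1
sshd   auth      sufficient  /opt/local/lib/pam_example.so.1 debug  # hypothetical
"""

# Assumed baseline: the modules this site has reviewed and expects to see.
REVIEWED = {"pam_authtok_get.so.1", "pam_dhkeys.so.1", "pam_unix_cred.so.1",
            "pam_unix_auth.so.1", "pam_roles.so.1", "pam_unix_account.so.1",
            "pam_authtok_check.so.1", "pam_authtok_store.so.1"}

def parse_pam_conf(text):
    """Return {(service, type): [(control, module_path, options), ...]} in file order."""
    stacks = defaultdict(list)
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected at least 4 fields")
        service, mtype, control = (f.lower() for f in fields[:3])
        stacks[(service, mtype)].append((control, fields[3], fields[4:]))
    return dict(stacks)

def effective_stack(stacks, service, mtype):
    """Entries used for a service; a service with none of its own gets 'other'."""
    key = (service.lower(), mtype.lower())
    return stacks.get(key) or stacks.get(("other", key[1]), [])

def unreviewed_modules(stacks, reviewed=REVIEWED):
    """List (service, type, control, module) for modules outside the baseline."""
    return [(svc, mtype, control, path.rsplit("/", 1)[-1])
            for (svc, mtype), entries in sorted(stacks.items())
            for control, path, _opts in entries
            if path.rsplit("/", 1)[-1] not in reviewed]
```
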


Q: What is the migration path to go from UFS or VXFS file systems, to ZFS?

A: This is currently under discussion. However, one can always copy files from UFS or VxFS to ZFS.