Trusted Solaris Operating System - Technical FAQs

Question

I set my systems up to communicate, but they're not; it looks as if the packets were being dropped.

Answer

Most customer complaints about not being able to communicate with unlabeled hosts come down to not supplying the appropriate label in the template assigned to the unlabeled host. Similarly, most complaints about not being able to communicate between Trusted Solaris machines come down to not assigning appropriate templates for each IP address on the local host or the remote Trusted Solaris host.

As you probably know, Trusted Solaris hosts communicate with labeled hosts at a single label. The label is defined by the site's security administrator in the Default Label field of a template from the tnrhtp(4) database that is assigned to the host by means of an entry in the tnrhdb(4) database. (These entries are not made manually. Up to Trusted Solaris 7, the Database Manager in the Solstice AdminSuite folder in the Application Manager is used. The Trusted Solaris 8 environment uses the Solaris Management Console Security Families tool.)

Depending on which release you are running, the default unlabeled or unlabeled template will have either ADMIN_LOW or no label specified as the default label.

WARNING: Before assigning a template to a host classified as single-label, you must define a valid label in the Default Label field. The templates for single-label hosts do not have valid labels defined because there is no way for Sun to determine from our side what labels will be valid at each customer site.
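
The following is an added example, not Sun's code or part of the original FAQ: a small offline audit that cross-checks host-to-template assignments against template definitions and reports the two causes named above. The sample data is constructed, and the line layouts and the key names `host_type` and `def_label` are assumptions modeled on tnrhdb(4) and tnrhtp(4); `local_addrs` is a hypothetical parameter listing the local host's addresses.

```python
# Constructed sample data, not taken from a real system. The line layouts
# ("address:template" and "name:key=value;...") and the key names host_type and
# def_label are assumptions modeled on tnrhdb(4) and tnrhtp(4).
SAMPLE_TNRHTP = """\
# template_name:attributes
tsol:host_type=sun_tsol;min_sl=ADMIN_LOW;max_sl=ADMIN_HIGH
unlab:host_type=unlabeled;def_label=
unlab_public:host_type=unlabeled;def_label=PUBLIC
"""
SAMPLE_TNRHDB = """\
# address:template_name
192.0.2.10:tsol
192.0.2.20:unlab
192.0.2.30:unlab_public
192.0.2.40:no_such_template
"""

def _entries(text):
    """Yield non-blank, non-comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def parse_templates(text):
    """Return {template_name: {key: value}}."""
    templates = {}
    for line in _entries(text):
        name, _, attrs = line.partition(":")
        pairs = (p.partition("=") for p in attrs.split(";") if "=" in p)
        templates[name.strip()] = {k.strip(): v.strip() for k, _, v in pairs}
    return templates

def parse_hosts(text):
    """Return {address: template_name}; split on the last colon."""
    return dict((a.strip(), t.strip()) for a, _, t in
                (line.rpartition(":") for line in _entries(text)))

def audit(tnrhtp_text, tnrhdb_text, local_addrs=()):
    """List (address, problem) pairs for the two causes the FAQ names."""
    templates, hosts = parse_templates(tnrhtp_text), parse_hosts(tnrhdb_text)
    findings = []
    for addr, tmpl in hosts.items():
        fields = templates.get(tmpl)
        if fields is None:
            findings.append((addr, "assigned template is not defined"))
        elif fields.get("host_type") == "unlabeled" and not fields.get("def_label"):
            findings.append((addr, "unlabeled template has no default label"))
    # Exact-match check only; any network or wildcard fallback entries are not modeled.
    findings += [(a, "local address has no template assigned")
                 for a in local_addrs if a not in hosts]
    return findings
```

Calling `audit(SAMPLE_TNRHTP, SAMPLE_TNRHDB, ["192.0.2.10", "192.0.2.11"])` flags the host on the empty-label `unlab` template, the host pointing at an undefined template, and the local address with no entry.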

Applies to Trusted Solaris Release:

1.2, 2.5, 2.5.1, 7, 8