| Skip Navigation Links | |
| Exit Print View | |
|
Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Trusted Extensions Configuration and Administration Oracle Solaris 11.1 Information Library |
Part I Initial Configuration of Trusted Extensions
1. Security Planning for Trusted Extensions
2. Configuration Roadmap for Trusted Extensions
3. Adding the Trusted Extensions Feature to Oracle Solaris (Tasks)
4. Configuring Trusted Extensions (Tasks)
5. Configuring LDAP for Trusted Extensions (Tasks)
Part II Administration of Trusted Extensions
6. Trusted Extensions Administration Concepts
7. Trusted Extensions Administration Tools
8. Security Requirements on a Trusted Extensions System (Overview)
9. Performing Common Tasks in Trusted Extensions
10. Users, Rights, and Roles in Trusted Extensions (Overview)
11. Managing Users, Rights, and Roles in Trusted Extensions (Tasks)
12. Remote Administration in Trusted Extensions (Tasks)
13. Managing Zones in Trusted Extensions
14. Managing and Mounting Files in Trusted Extensions
15. Trusted Networking (Overview)
16. Managing Networks in Trusted Extensions (Tasks)
17. Trusted Extensions and LDAP (Overview)
18. Multilevel Mail in Trusted Extensions (Overview)
19. Managing Labeled Printing (Tasks)
Labels, Printers, and Printing
Differences Between Trusted Extensions Printing in Oracle Solaris 10 and Oracle Solaris 11
Restricting Access to Printers and Print Job Information in Trusted Extensions
Labeled Banner and Trailer Pages
tsol_separator.ps Configuration File
PostScript Printing of Security Information
Trusted Extensions Print Interfaces (Reference)
Managing Printing in Trusted Extensions (Tasks)
Configuring Labeled Printing (Task Map)
How to Configure a Multilevel Print Server and Its Printers
How to Configure a Network Printer
How to Configure a Zone as a Single-Level Print Server
How to Enable a Trusted Extensions Client to Access a Printer
Reducing Printing Restrictions in Trusted Extensions (Task Map)
How to Remove Banner and Trailer Pages
How to Assign a Label to an Unlabeled Print Server
How to Enable Specific Users and Roles to Bypass Labeling Printed Output
20. Devices in Trusted Extensions (Overview)
21. Managing Devices for Trusted Extensions (Tasks)
22. Trusted Extensions Auditing (Overview)
23. Software Management in Trusted Extensions
Creating and Managing a Security Policy
Site Security Policy and Trusted Extensions
Computer Security Recommendations
Physical Security Recommendations
Personnel Security Recommendations
Additional Security References
B. Configuration Checklist for Trusted Extensions
Checklist for Configuring Trusted Extensions
C. Quick Reference to Trusted Extensions Administration
Administrative Interfaces in Trusted Extensions
Oracle Solaris Interfaces Extended by Trusted Extensions
Tighter Security Defaults in Trusted Extensions
Limited Options in Trusted Extensions
D. List of Trusted Extensions Man Pages
Trusted Extensions Man Pages in Alphabetical Order
Oracle Solaris Man Pages That Are Modified by Trusted Extensions
The following task map describes common configuration procedures that are related to labeled printing.
|
Printers that are connected to a Trusted Extensions print server print labels on body pages, banner pages, and trailer pages. Such printers can print jobs within the label range of the print server. If the printer is shared, any Trusted Extensions host that can reach the print server can use the shared printer.
Before You Begin
You must be in the System Administrator role in the global zone on this print server.
# lpinfo -m | grep printer-manufacturer
For example, the following syntax finds all the Xerox printers:
# lpinfo -m | grep Xerox gutenprint.5.2://xerox-able_1406/expert Xerox Able 1406 - CUPS+Gutenprint v5.2.4 gutenprint.5.2://xerox-able_1406/simple Xerox Able 1406 - CUPS+Gutenprint v5.2.4 ... gutenprint.5.2://xerox-dc_400/expert Xerox Document Centre 400 - ... gutenprint.5.2://xerox-dc_400/simple Xerox Document Centre 400 - ... gutenprint.5.2://xerox-dp_4508/expert Xerox DocuPrint 4508 - ... gutenprint.5.2://xerox-dp_4508/simple Xerox DocuPrint 4508 - ... ...
# lpadmin -p printer-name -E -v socket://printer-IP-address -m printer-make-and-model -
The -E option allows the named printers to accept a queue of printing requests. It also activates or enables the printers.
# lpadmin -p printer-name -o printer-is-shared=true
To prevent the printer from being used by other systems, skip this step.
# lpoptions -p printer-name
For example, you could print double-sided and two-up.
# lpadmin -p printer-name -o job-sheets=labeled
If the default printer label range of ADMIN_LOW to ADMIN_HIGH is acceptable for every printer, then your label configuration is done.
Use the all-zones IP address for the global zone as the print server.
# zlogin -C labeled-zone
# lpadmin -p zone-printer-name -E \ -v ipp://global-zone-IP-address/printers/printer-name-in-global-zone
# lpadmin -d zone-printer-name
As root and as a regular user, perform the following steps:
# lp /etc/motd ~/PostScriptTest.ps % lp $HOME/file1.txt $HOME/PublicTest.ps
See Also
Limit printer label range – How to Configure a Restricted Label Range for a Printer
Prevent labeled output – Reducing Printing Restrictions in Trusted Extensions (Task Map)
Use this zone as a print server – How to Enable a Trusted Extensions Client to Access a Printer
When a printer is shared, any Trusted Extensions host that can reach the print server can use the shared printer.
Before You Begin
You must be in the System Administrator role in the global zone on this print server.
Follow Step 1 through Step 6 in How to Configure a Multilevel Print Server and Its Printers to configure your network printer.
After the printer is shared in Step 3, all systems on the network that can reach this print server can print to this printer.
As root and as a regular user, perform the following steps from systems that use this print server:
# lp /etc/motd ~/PostScriptTest.ps % lp $HOME/file1.txt $HOME/PublicTest.ps
See Also
Limit printer label range – How to Configure a Restricted Label Range for a Printer
Prevent labeled output – Reducing Printing Restrictions in Trusted Extensions (Task Map)
Before You Begin
The zone must not be sharing an IP address with the global zone. You must be in the System Administrator role in the global zone.
For details, see How to Add a Workspace at Your Minimum Label in Trusted Extensions User’s Guide.
For details, see How to Change the Label of a Workspace in Trusted Extensions User’s Guide.
Follow Step 1 through Step 6 in How to Configure a Multilevel Print Server and Its Printers to configure your zone printer.
The attached printers can print jobs only at the label of the zone.
Note - For security reasons, files with an administrative label, ADMIN_HIGH or ADMIN_LOW, print ADMIN_HIGH on the body of the printout. The banner and trailer pages are labeled with the highest label and compartments in the label_encodings file.
As root and as a regular user, perform the following steps:
# lp /etc/motd ~/PostScriptTest.ps % lp $HOME/file1.txt $HOME/PublicTest.ps
See Also
Prevent labeled output – Reducing Printing Restrictions in Trusted Extensions (Task Map)
Use this zone as a print server – How to Enable a Trusted Extensions Client to Access a Printer
Initially, only the zone in which a print server was configured can print to the printers of that print server. The system administrator must explicitly add access to those printers for other zones and systems. The possibilities are as follows:
For a global zone, add access to the shared printers that are connected to a global zone on a different system.
For a labeled zone, add access to the shared printers that are connected to the global zone of its system.
For a labeled zone, add access to a shared printer that a remote zone at the same label is configured for.
For a labeled zone, add access to the shared printers that are connected to a global zone on a different system.
Before You Begin
A print server has been configured with a label range or a single label. In addition, the printers that are connected to the print server have been configured and shared. For details, see the following:
You must be in the System Administrator role in the global zone.
# ping printer-IP-address
If this command fails, you have a network connection problem. Fix the connection problem, then return to this procedure. For assistance, see Troubleshooting the Trusted Network (Task Map).
$ lpadmin -p printer-name -E \ -v ipp://print-server-IP-address/printers/printer-name-on-server
For details, see How to Change the Label of a Workspace in Trusted Extensions User’s Guide.
$ lpadmin -p printer-name -E \ -v ipp://print-server-IP-address/printers/printer-name-on-print-server
The labels of the zones must be identical.
$ lpadmin -p printer-name -E \ -v ipp://zone-print-server-IP-address/printers/printer-name-on-zone-print-server
For instructions, see How to Assign a Label to an Unlabeled Print Server
Note - For security reasons, files with an administrative label, ADMIN_HIGH or ADMIN_LOW, print ADMIN_HIGH on the body pages of the printout. The banner and trailer pages are labeled with the highest label and compartments in the label_encodings file.
On every client, test that printing works for all accounts that can access the global zone and for all accounts that can access labeled zones.
# lp /etc/motd ~/PostScriptTest.ps % lp $HOME/file1.txt $HOME/PublicTest.ps
The default label range for a printer is ADMIN_LOW to ADMIN_HIGH. This procedure narrows the label range for a printer that is controlled by a Trusted Extensions print server.
Before You Begin
You must be in the Security Administrator role in the global zone.
Choose the Allocate Device option from the Trusted Path menu.
Otherwise, click the Add button and type a name for the new printer.
Choose a label from the label builder. For information about the label builder, see Label Builder in Trusted Extensions.
|