| Skip Navigation Links | |
| Exit Print View | |
|
Remote Administration Daemon Developer Guide Oracle Solaris 11.1 Information Library |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Remote Administration Daemon Developer Guide Oracle Solaris 11.1 Information Library |
The main functionality offered by rad is as follows:
Essentials
Managed and configured by two SMF services, svc:/system/rad:local and svc:/system/rad:remote
Structured, browsable namespace.
Inspectable, typed, versioned interfaces.
Asynchronous event sources.
XML-based IDL ADR supports formally defining APIs. The IDL compiler radadrgen generates code and analyzes compatibility of API changes.
Security
Full PAM conversation support including use of pam_setcred(3PAM) to set the audit context.
Implicit authentication using getpeerucred(3C) when possible.
No non-local network connectivity by default. Preconfigured to use TLS.
Most operations automatically delegated to lesser-privileged processes.
Defines two authorizations (solaris.smf.manage.rad and solaris.smf.value.rad) and two Rights Profiles (rad Management and rad Configuration) to provide fine-grained separation of powers for managing and configuring the rad SMF services.
rad authorizations
solaris.smf.manage.rad — Grants the authorization to enable, disable, or restart the rad SMF services.
solaris.smf.value.rad — Grants the authorization to change rad SMF services' property values.
rad rights profiles
rad Management — Includes the solaris.smf.manage.rad authorization.
rad Configuration — Includes the solaris.smf.value.rad authorization.
Generates AUE_rad_login, AUE_logout, AUE_role_login, AUE_role_logout, and AUE_passwd audit events.
Connectivity
Local access via AF_UNIX sockets.
Remote access via TCP sockets.
Secure remote access via TLS sockets.
Captive execution with access through a pipe.
Connection points are completely configurable at the command line or via SMF.
Client support
A JMX connector exposes rad interfaces as Open MBeans to Java clients.
radadrgen can auto-generate MXBean interfaces for use by JMX consumers. Can also generate basic concrete subclasses.
A plain Java client permits explicit access to server objects from non-JMX environments.
A native C library offers explicit access to server objects.
Extension
A public native C module interface supports addition of third-party content.
radadrgen can generate server-side type definitions and stubs from IDL input.
A native execution system can automatically run modules with authenticated user's privilege and audit context, simplifying authentication and auditing.
Private module interfaces permit defining new transports.
|