Interesting... every time I've set up a TX zone I get failed logins until I share the /etc/passwd. No LDAP here. Looks like I got some work to do. The rest, I'll update soon. Thanks for the feedback!

On Mar 2, 2007, at 12:27 PM, Jarrett Lu wrote:

> Bob,
>
> I looked at your Idiot's Guide to TX yesterday evening. First I want to thank you for doing this and being a pioneer in trying to use TX. I hope many people will benefit from your experience and wisdom.
>
> A couple of small nits: Strictly speaking, the global zone's name isn't really ADMIN_LOW. ADMIN_LOW is global zone's label. Global zone has its own zone name, e.g. if you do 'zonename', you will see the zone name is "global zone" not ADMIN_LOW.
>
> In the DMZ example, it's correct that user identity can be centrally administered in an LDAP database. However, passwd files need not be shared by all zones. In fact each zone can have its own copy of passwd file so that the zone admin can administer users on a per-zone basis.
>
> Thanks again for doing this. I'll refer other readers to your Guide.
>
> Jarrett
>
> Robert Bailey wrote:
>
>> Folks,
>>
>> I'm attempting to put together an idiots guide to TX. Mostly taking lessons learned the hard way, and using common (SA) English instead of the NSA version ;)
>>
>> http://web.mac.com/robert.bailey/iWeb/Fun%20in%20the%20Sun/Trusted%20Extensions/42C89DE4-67A3-4338-BA50-0CF38C9D970E.html
>>
>> http://web.mac.com/robert.bailey also contains regular zone migration, general security tips and VCS with zones info. If interested.
>>
>> Thoughts, comments, "that ain't even close"'s are all welcome.
>>
>> Thanks
>> Bob
>> _______________________________________________
>> security-discuss mailing list
>> security-discuss at opensolaris.org