Preface

The Solaris Security for Developers Guide describes the public application programming interfaces (API) and service provider interfaces (SPI) for the security features in the Solaris^TM operating environment. The term service provider refers to components that are plugged into a framework to provide security services, such as cryptographic algorithms and security protocols.

Note –

This Solaris release supports systems that use the SPARC® and x86 families of processor architectures: UltraSPARC®, SPARC64, AMD64, Pentium, and Xeon EM64T. The supported systems appear in the Solaris 10 Hardware Compatibility List at http://www.sun.com/bigadmin/hcl. This document cites any implementation differences between the platform types.

In this document these x86 related terms mean the following:

“x86” refers to the larger family of 64-bit and 32-bit x86 compatible products.
“x64” points out specific 64-bit information about AMD64 or EM64T systems.
“32-bit x86” points out specific 32-bit information about x86 based systems.

For supported systems, see the Solaris 10 Hardware Compatibility List.

What's New

OpenSolaris development build 103: In Packaging Kernel-Level Provider Modules, steps 3 and 4 are not required for OpenSolaris development build 103 or later.

OpenSolaris development build 74: A new chapter, Chapter 10, Introduction to the Solaris Key Management Framework, describes interfaces and tools for managing Public Key Infrastructure objects in Solaris.

Who Should Use This Book

The Solaris Security for Developers Guide is intended for C-language developers who want to write the following types of programs:

Privileged applications that can override system controls
Applications that use authentication and related security services
Applications that need to secure network communications
Applications that use cryptographic services
Libraries, shared objects, and plug-ins that provide or consume security services

Note –

For Java-language equivalents to the Solaris features, see http://java.sun.com/javase/technologies/security/.

Before You Read This Book

Readers of this guide should be familiar with C programming. A basic knowledge of security mechanisms is helpful but not required. You do not need to have specialized knowledge about network programming to use this book.

How This Book Is Organized

This book is organized into the following chapters.

Chapter 1, Solaris Security for Developers (Overview) provides an introduction to the Solaris security.
Chapter 2, Developing Privileged Applications describes how to write privileged applications that use process privileges.
Chapter 3, Writing PAM Applications and Services explains how to write a pluggable application module (PAM).
Chapter 4, Writing Applications That Use GSS-API provides an introduction to the Generic Security Service Application Programming Interface (GSS-API).
Chapter 5, GSS-API Client Example and Chapter 6, GSS-API Server Example each provide a walk-through of GSS-API examples.
Chapter 7, Writing Applications That Use SASL describes how to write applications for the Simple Authentication Security Layer (SASL).
Chapter 8, Introduction to the Solaris Cryptographic Framework provides an overview of the Solaris cryptographic framework, both at the user level and kernel level.
Chapter 9, Writing User–Level Cryptographic Applications and Providers describes how to write consumers and providers for the user level of the Solaris cryptographic framework.
Chapter 10, Introduction to the Solaris Key Management Framework describes programming interfaces and administrative tools for managing Public Key Infrastructure (PKI) objects in Solaris.
Appendix A, Sample C–Based GSS-API Programs provides complete code listings for the GSS-API examples.
Appendix B, GSS-API Reference provides reference information for various items in the GSS-API.
Appendix C, Specifying an OID describes how to specify a mechanism. This technique is used in cases where a mechanism other than the default mechanism is to be used.
Appendix D, Source Code for SASL Example provides complete code listings for the SASL examples.
Appendix E, SASL Reference Tables provides brief descriptions of the major SASL interfaces.
Appendix F, Packaging and Signing Cryptographic Providers describes how to package and sign cryptographic providers.
Glossary provides definitions for security terms that are used throughout the manual.

Documentation, Support, and Training

The Sun web site provides information about the following additional resources:

Sun Welcomes Your Comments

Sun is interested in improving its documentation and welcomes your comments and suggestions. To share your comments, go to http://docs.sun.com and click Feedback.

Typographic Conventions

The following table describes the typographic conventions that are used in this book.

Table P–1 Typographic Conventions


Typeface	Meaning	Example
`AaBbCc123`	The names of commands, files, and directories, and onscreen computer output	Edit your `.login` file. Use `ls -a` to list all files. `machine_name% you have mail.`
`AaBbCc123`	What you type, contrasted with onscreen computer output	`machine_name%` `su` `Password:`
`aabbcc123`	Placeholder: replace with a real name or value	The command to remove a file is `rm` `filename`.
AaBbCc123	Book titles, new terms, and terms to be emphasized	Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online.

Shell Prompts in Command Examples

The following table shows the default UNIX® system prompt and superuser prompt for shells that are included in the Solaris OS. Note that the default system prompt that is displayed in command examples varies, depending on the Solaris release.

Table P–2 Shell Prompts


Shell	Prompt
Bash shell, Korn shell, and Bourne shell	`$`
Bash shell, Korn shell, and Bourne shell for superuser	`#`
C shell	`machine_name%`
C shell for superuser	`machine_name#`

Contained Within

Find More Documentation

Featured Support Resources