The parenthesized number on an index entry indicates the location of the entry within the book. Entries before the first numbered section in a chapter are identified as Sec. n.0.
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A
absolute pathname (Sec. 2.4)
ACCEPT
default name (Sec. 8.5.4)
acceptor (Sec. C.3)
access control list (Sec. 8.3.1)
accessing the authentication databases (Sec. 3.3)
account lock (Sec. 4.4)
ACL
default (Sec. 7.6)
entry rules (Sec. 7.4.3)
example of setting for file (Sec. 7.5)
external representation (Sec. 7.2.2)
inheritance (Sec. 7.6)
library routines (Sec. 7.3)
object creation rule (Sec. 7.4.1)
propagation (Sec. 7.4.1)
replication rule (Sec. 7.4.2)
umask (Sec. 7.4.1)
working storage (Sec. 7.2.1)
working storage: example (Sec. 7.5)
aliases for audit events (Sec. B.2)
allowSendEvents resource (Sec. 2.7.2)
ANSI C
symbol preemption (Sec. 6.17.1)
antecedent directories (Sec. 1.1)
Application Security SDK (Sec. 8.2)
assumptions (Sec. 8.1)
audgen system call (Sec. 5.1)
specifying audit log (Sec. 5.9)
audgenl library routine
example (Sec. 5.1)
audgenl system call
example (Sec. 5.8.2)
audgenl()
example (Sec. 5.7)
audit
application-specific records (Sec. 5.7)
audcntl flag (Sec. 5.6)
auditmask flag (Sec. 5.6)
AUD_T public tokens (Sec. 5.3.1)
AUD_TP private tokens (Sec. 5.3.2)
creating own log (Sec. 5.9)
disabling system-call auditing (Sec. 5.5)
event types (Sec. 5.2)
fixed-length tokens (Sec. 5.3.1)
iovec-type tokens (Sec. 5.3.1)
masks (Sec. 5.4)
modifying for process (Sec. 5.6)
pointer-type tokens (Sec. 5.3.1)
process control flag (Sec. 5.4)
record as series of tuples (Sec. 5.3)
site-defined events (Sec. 5.8)
tokens (Sec. 5.3)
tuples (Sec. 5.3)
audit events
default events (Sec. B.1)
audit log
reading (Sec. 5.10)
reading algorithm (Sec. 5.10.3)
tuple formats (Sec. 5.10.1)
audit subsystem
default auditable events (Sec. B.1)
default event aliases (Sec. B.2)
auditable events (Sec. B.1)
AUD_MAXEVENT_LEN (Sec. 5.8)
AUD_T public audit tokens (Sec. 5.3.1)
AUD_TP private audit tokens (Sec. 5.3.2)
authentication (Sec. 4.0)
authentication (Sec. 8.0)
authentication (Sec. C.1.1)
mutual (Sec. 8.3.3.3.4)
mutual (Sec. 8.4.6)
mutual (Sec. C.2)
authentication profile (Sec. 3.1.4)
authentication program (Sec. 4.1)
Authentication Service (Sec. C.1.2.1)
authenticator (Sec. C.1.2.2.6)
authorization (Sec. C.1.1)
A_PROCMASK_SET macro (Sec. 5.6)
B
buffer management (Sec. 3.2.2.1)
C
cache
default location (Sec. 8.3.2.3)
management (Sec. 8.4.1)
channel bindings (Sec. 8.3.3.3)
application data (Sec. 8.3.3.3.1)
child process
inherited file access (Sec. 2.6)
signal mask and (Sec. 2.5)
chown system call
SUID or SGID permissions (Sec. 2.1)
client (Sec. C.1.2.1)
clock skew (Sec. C.9.2)
close-on-exec flag (Sec. 2.6)
confidentiality (Sec. 8.0)
confidentiality (Sec. 8.3.3.3.2)
confidentiality (Sec. C.1.1)
constants (Sec. 8.6.1)
context
establishing (Sec. C.6)
terminating (Sec. C.8)
conventions (Sec. 8.6)
core files (Sec. 2.5)
create_file_securely() library routine (Sec. 3.1.2)
credentials
acceptor (Sec. C.5)
acquiring (Sec. C.5)
for user (Sec. C.9)
default Kerberos cache (Sec. 8.3.2.3)
delegation (Sec. 8.3.3.3.6)
expire (Sec. 8.3.2.2)
initial (Sec. C.1.2.2.4)
managing (Sec. C.9.1)
initiator (Sec. C.5)
management (Sec. 8.3.1.1)
refreshing (Sec. 8.4.9)
types (Sec. C.5)
D
DAC
protecting the TCB (Sec. 1.1.1)
daemon programs (Sec. 4.3)
data
storing in a secure location (Sec. 2.3)
data files (Sec. 1.1)
data structures (Sec. 8.7)
database
writing entries (Sec. 3.2.2.5)
databases
accessing (Sec. 3.3)
entries (Sec. 3.2)
fields (Sec. 3.2)
system defaults (Sec. 3.2)
terminal control (Sec. 3.2.1)
update (Sec. 3.2.2)
update (Sec. 3.2.2.5)
decisions at start (Sec. C.1.2.3)
default names (Sec. 8.5.3)
See also names
default principal (Sec. 8.3.1.1)
DES-CBC (Sec. 8.3.4.1)
DES-MAC (Sec. 8.3.4.1)
DES-MAC-MD5 (Sec. 8.3.4.1)
DES3 (Sec. C.9.3)
DES3-CBC (Sec. 8.3.4.1)
DES3-MAC-MD5 (Sec. 8.3.4.1)
devices
database (Sec. 3.1.1)
E
EACCES errno value (Sec. 2.2)
encrypted password (Sec. 3.1.4)
encryption
algorithms (Sec. C.7)
types (Sec. 8.4.2)
using DES3 (Sec. C.9.2)
enhanced password database (Sec. 3.1.4)
enhanced password database (Sec. 4.4)
entry points (Sec. 6.17.1)
environment variable
CSFC5CCNAME (Sec. 8.3.2.3)
CSFC5KTNAME (Sec. 8.3.2.3)
CSFC5KTNAME (Sec. C.11.4)
CSFC5RCNAME (Sec. 8.4.9)
KRB5KTNAME (Sec. C.11.4)
EPERM errno value (Sec. 2.2)
EROFS errno value (Sec. 2.2)
errno variable (Sec. 2.2)
error codes (Sec. C.9.3)
Kerberos-specific (Sec. 8.9.4)
error processing macros (Sec. 8.9.1)
/etc/auth/system/ttys file (Sec. 3.1.5)
/etc/passwd file (Sec. 3.1.4)
/etc/passwd file (Sec. 4.4)
/etc/sec/audit_events file (Sec. B.1)
/etc/sec/event_aliases file (Sec. B.2)
/etc/sec/site_events file (Sec. 5.8)
/etc/sysconfigtab
setting audit-site-events (Sec. 5.8)
events
aliases (Sec. B.2)
audit (Sec. 5.2)
audit (Sec. B.1)
example
ACL creation (Sec. 7.5)
ACL inheritance (Sec. 7.6)
ACL permission removal (Sec. 7.6)
application-specific audit record (Sec. 5.7)
audgenl() (Sec. 5.1)
audit tuple parsing macros (Sec. 5.10.3)
audit: iovec-type record (Sec. 5.3.1)
auditmask (Sec. 5.6)
site-defined audit event (Sec. 5.8.2)
executable stack (Sec. 2.1)
execve system call (Sec. 2.5)
exported
names (Sec. 8.3.1)
security contexts (Sec. 8.4.3)
external names (Sec. 8.3.1)
external representation
ACL (Sec. 7.2.2)
F
fcntl system call
close-on-exec flag (Sec. 2.6)
file control database
description (Sec. 3.1.2)
file descriptors (Sec. 2.6)
files
protecting (Sec. 2.3)
fork system call (Sec. 2.5)
fork system call (Sec. 4.1)
forwardable tickets (Sec. 8.3.3.3.7)
forwardable tickets (Sec. 8.4.13)
functions
name management (Sec. 8.3)
other support (Sec. 8.3.4.1)
performing basic tasks (Sec. C.2)
reference (Sec. 8.5.4)
security context management (Sec. 8.3.2.4)
G
getluid system call (Sec. 4.1)
getting started (Sec. C.1.2.3)
GSS-API
assumptions (Sec. 8.1)
context management (Sec. 8.3.2.4)
design goals (Sec. 8.1)
mechanism independence (Sec. 8.1)
names used for (Sec. 8.3.1)
primary goals (Sec. 8.1)
security mechanisms (Sec. 8.1)
standards (Sec. 8.1.1)
transport protocol independence (Sec. 8.1)
gss_accept_sec_context function (Sec. 8.3.3.2)
gss_accept_sec_context function (Sec. 8.3.3.3.1)
channel bindings (Sec. 8.3.3.3.1)
gss_acquire_cred function
passing OID to (Sec. 8.5.2)
GSS_CALLING_ERROR function (Sec. 8.9.2.1)
gss_compare_name function (Sec. 8.3.1)
GSS_C_AF_INET
address format supported (Sec. 8.3.3.3.1)
gss_display_name function
comparing names (Sec. 8.5.1)
printable names (Sec. 8.5.1)
GSS_ERROR function (Sec. 8.9.2)
gss_get_mic function
specifying QOP (Sec. 8.5.3)
gss_import_name function
comparing names (Sec. 8.5.1)
name parsing (Sec. 8.3.1.1)
printable names (Sec. 8.5.1)
gss_init_sec_context function
channel bindings (Sec. 8.3.3.3.1)
initiator responsibility (Sec. 8.3.3.4)
mechanism identifier (Sec. 8.3.3.1)
optional protection
channel bindings (Sec. 8.3.3.3)
confidentiality (Sec. 8.3.3.3.1)
forwarding tickets (Sec. 8.3.3.3.7)
integrity (Sec. 8.3.3.3.1)
out-of-sequence message detection (Sec. 8.3.3.3.3)
replay detection (Sec. 8.3.3.3.2)
passing OID to (Sec. 8.5.1)
gss_release_name function
when used (Sec. 8.3.1)
GSS_ROUTINE_ERROR function (Sec. 8.9.2.2)
gss_seal function
See also gss_wrap function
gss_sign function
See also gss_get_mic function
GSS_SUPPLEMENTARY_INFO function (Sec. 8.9.2.3)
gss_unseal function
See also gss_unwrap function
gss_unwrap function
return QOP (Sec. 8.5.3)
gss_verify function
See also gss_verify_mic function
gss_verify_mic function
return QOP (Sec. 8.5.3)
gss_wrap function
specifying QOP (Sec. 8.5.3)
I
identification (Sec. 4.0)
identification (Sec. C.1.1)
initial credentials
managing (Sec. C.9.1)
INITIATE
default name (Sec. 8.5.4)
initiator (Sec. C.3)
integrating security mechanisms (Sec. 6.9)
integrity (Sec. 8.0)
integrity (Sec. 8.3.3.3.1)
integrity (Sec. C.1.1)
algorithms (Sec. C.7)
internal names (Sec. 8.3.1)
internal names (Sec. C.4)
Internet Drafts
Generic Security Service API Version 2: C-bindings (Sec. 8.1.2)
interprocess communication
security consideration (Sec. 2.3)
iovec
audit record using (Sec. 5.3.1)
K
Kerberos
overview (Sec. C.1)
Kerberos-specific error codes (Sec. 8.9.4)
key
secret (Sec. C.1.2.2.1)
Key Distribution Center (KDC) (Sec. C.1.2.1)
keyboard
securing (Sec. 2.7.1)
L
libaud library (Sec. 1.2)
libraries
as part of the TCB (Sec. 1.1)
routines (Sec. 1.4)
routines for ACLs (Sec. 7.3)
security relevant (Sec. 1.2)
libsecurity library (Sec. 1.2)
M
macro
audit tuple parsing (Sec. 5.10.3)
major status (Sec. 8.9.2.4)
major status (Sec. C.10)
matrix.conf file (Sec. 6.14)
MD2.5 (Sec. 8.3.4.1)
mechanism
independence (Sec. 8.1)
names (Sec. 8.3.1)
specifying (Sec. 8.5.1)
mechanism-dependent interface (Sec. 6.15)
messages
confidentiality (Sec. C.7)
exchange between applications (Sec. C.1.2.2.6)
exchange with KDC (Sec. C.1.2.2.5)
exchanging between applications (Sec. C.6)
integrity (Sec. C.7)
sequencing (Sec. 8.3.3.3.3)
minor status (Sec. 8.9.3)
minor status (Sec. C.10)
MIN_SITE_EVENT (Sec. 5.8)
modifying database entries (Sec. 3.2.2.5)
mouse
securing (Sec. 2.7.2)
multi-threaded functions (Sec. 8.4.5)
mutual authentication (Sec. 8.3.3.3.4)
mutual authentication (Sec. 8.4.6)
mutual authentication (Sec. C.2)
N
name type (Sec. 8.3.1)
Kerberos 5 (Sec. C.4)
names
comparing (Sec. 8.5)
default (Sec. 8.5.3)
default (Sec. C.4)
ACCEPT (Sec. 8.5.4)
INITIATE (Sec. 8.5.4)
principal name (Sec. 8.3.1.1)
service principal name (Sec. C.4)
exported (Sec. 8.3.1)
external (Sec. 8.3.1)
human-readable (Sec. C.4)
internal (Sec. 8.3.1)
internal (Sec. C.4)
mechanism (Sec. 8.3.1)
obtaining (Sec. C.3)
printable (Sec. 8.5)
used for (Sec. 8.3.1)
naming routines (Sec. 6.17.2)
null password (Sec. 4.4)
O
object code (Sec. 1.1)
object identifier
See OID
OID (Sec. 8.3.3.1)
OID (Sec. 8.3.5)
used for (Sec. 8.3.1)
OID set
hard-coded (Sec. 8.5.2)
one-time passwords (Sec. C.9.1)
open file descriptor (Sec. 2.6)
P
password
coding example (Sec. A.0)
passwords
protecting (Sec. 8.4.7)
PATH variable
defining (Sec. 2.4)
null entry in (Sec. 2.4)
secure shell scripts (Sec. 2.8)
pathname
absolute (Sec. 2.4)
relative (Sec. 2.4)
permanent file (Sec. 2.3)
preauthentication (Sec. 8.4.13.1)
Pretty Good Privacy (PGP) (Sec. 8.3.4)
principal (Sec. C.1.2.1)
service name (Sec. C.4)
unattended host (Sec. C.4)
principal database (Sec. C.1.2.1)
principal name (Sec. 8.3.1.1)
private audit tokens (Sec. 5.3.2)
process
audit control flag (Sec. 5.4)
process priority (Sec. 3.1.4)
protected subsystem pseudogroup (Sec. 3.2.2)
protecting passwords (Sec. 8.4.7)
Q
QOP
Kerberos (Sec. 8.3.4)
specifying (Sec. 8.5.2)
use default (Sec. 8.5.3)
used by (Sec. 8.3.4)
quality of protection
See QOP
R
read-only file systems (Sec. 1.1.1)
realm (Sec. C.1.2.1)
realm (Sec. C.1.2.2.3)
reference (Sec. 8.5.4)
refreshing credentials (Sec. 8.4.9)
relative pathname (Sec. 2.4)
replay
detection (Sec. 8.3.3.3.2)
protection (Sec. 8.4.8)
resource management (Sec. 8.4.10)
return values (Sec. 8.8.3)
RFCs
1510 Kerberos Network Authentication Service (V5) (Sec. 8.1.1)
1964 Kerberos Version 5 GSS-API Mechanism (Sec. 8.1.1)
2078 Generic Security Service Application Program Interface Version 2 (Sec. 8.1.1)
S
sample application (Sec. C.10.1)
sample programs
building (Sec. C.11)
displaying names (Sec. C.4)
importing names (Sec. C.4)
prerequisites (Sec. C.11.2)
running (Sec. C.11.1)
Secure Keyboard menu item (Sec. 2.7.1)
security
considerations (Sec. 8.4)
mechanism (Sec. 8.1)
recommendations (Sec. 8.4)
security breach
possible program responses to (Sec. 2.2)
security context
establishing (Sec. C.5)
optional security (Sec. C.6)
availability (Sec. 8.3.3.3)
channel bindings (Sec. 8.3.3.3)
confidentiality and integrity (Sec. 8.3.3.3.1)
message sequencing (Sec. 8.3.3.3.3)
replay detection (Sec. 8.3.3.3.2)
terminating (Sec. C.7.2)
security-sensitive commands (Sec. 6.1)
segments (Sec. 2.3)
semaphores (Sec. 2.3)
service (Sec. C.1.2.1)
service key table file (Sec. 8.4.11)
default name (Sec. C.5)
storing credentials (Sec. C.5)
service principal name (Sec. C.4)
service ticket (Sec. C.1.2.2.4)
setluid system call (Sec. 4.1)
set_auth_parameters() library routine (Sec. 4.2)
SGID
set group ID programs (Sec. 2.1)
shell
defining variables (Sec. 2.4)
path variable syntax (Sec. 2.4)
shell script (Sec. 1.1)
security consideration (Sec. 2.8)
shell variable
specific shell variables (Sec. 2.4)
SIA
accessing secure information (Sec. 6.12)
audit logging (Sec. 6.8)
callbacks (Sec. 6.5)
changing a user shell (Sec. 6.11.3)
changing finger information (Sec. 6.11.2)
changing secure information (Sec. 6.11)
coding example (Sec. A.0)
debugging (Sec. 6.8)
group information (Sec. 6.12.2)
header files (Sec. 6.2.2)
initialization (Sec. 6.3)
integrating mechanisms (Sec. 6.9)
interface routines (Sec. 6.1)
layering (Sec. 6.2)
login process (Sec. 6.10.6.1)
logs (Sec. 6.8)
maintaining state (Sec. 6.6)
matrix.conf file (Sec. 6.14)
mechanism-dependent interface (Sec. 6.15)
packaging layered products (Sec. 6.14)
parameter collection (Sec. 6.13)
parameter collection (Sec. 6.5)
password, accessing (Sec. 6.12.1)
passwords, changing (Sec. 6.11.1)
return values (Sec. 6.10)
return values (Sec. 6.7)
rlogind process (Sec. 6.10.6.3)
rshd process (Sec. 6.10.6.2)
security-sensitive commands (Sec. 6.1)
session authentication (Sec. 6.10.2)
session establishment (Sec. 6.10.3)
session initialization (Sec. 6.10.1)
session launch (Sec. 6.10.4)
session processing (Sec. 6.10)
session release (Sec. 6.10.5)
SIAENTITY structure (Sec. 6.4)
siainit command (Sec. 6.3)
sialog file (Sec. 6.8)
vouching (Sec. 6.9)
signal
secure response to (Sec. 2.5)
signal routine (Sec. 2.5)
SIGQUIT signal
security consideration (Sec. 2.5)
SIGTRAP signal
security consideration (Sec. 2.5)
site-defined audit events (Sec. 5.8)
site_events file (Sec. 5.8)
stack
executable (Sec. 2.1)
standards information (Sec. 8.1.1)
startup script (Sec. 4.1)
status codes
return values (Sec. C.9.3)
sticky bit (Sec. 1.1.1)
using to secure temporary files (Sec. 2.3)
strong symbols (Sec. 6.17.2)
SUID
executable stack (Sec. 2.1)
set user ID programs (Sec. 2.1)
symbol preemption (Sec. 6.17.1)
system call
common return value (Sec. 2.2)
security consideration for a failed call (Sec. 2.2)
system defaults database
description (Sec. 3.1.3)
undefined fields (Sec. 3.2)
T
TCB (Sec. 1.1)
executable file (Sec. 1.1)
indirect programs (Sec. 1.1)
security configuration (Sec. 1.2)
trusted program (Sec. 1.1)
trusted system directories (Sec. 1.3)
temporary files (Sec. 2.3)
temporary files (Sec. 3.1.2)
terminal control database (Sec. 3.1.5)
terminal control database (Sec. 3.2.1)
threads (Sec. 8.4.1)
ticket (Sec. C.1.2.1)
attributes (Sec. 8.4.12)
forwardable (Sec. 8.4.13)
initial (Sec. C.1.2.2.4)
lifetime (Sec. 8.4.13.2)
lifetime (Sec. C.9.2)
preauthentication (Sec. 8.4.13.1)
renew time (Sec. 8.4.13.3)
service (Sec. C.1.2.2.4)
Ticket-Granting Service (TGS) (Sec. C.1.2.2.5)
ticket-granting ticket (TGT) (Sec. C.1.2.2.4)
fetching (Sec. C.5)
time delay (Sec. 3.1.5)
time synchronization (Sec. C.9.1)
tmp file
security consideration (Sec. 2.4)
token
audit fixed-length (Sec. 5.3.1)
audit iovec-type (Sec. 5.3.1)
audit pointer-type (Sec. 5.3.1)
audit private (Sec. 5.3.2)
audit public (Sec. 5.3.1)
token cards (Sec. 8.2)
one-time passwords (Sec. C.9.1)
token exchange (Sec. 8.3.3.1)
token exchange (Sec. C.6)
transport protocol independence (Sec. 8.1)
triple DES (Sec. C.9.3)
trusted computing base
See TCB
trusted program (Sec. 1.1)
trusted programming techniques (Sec. 2.0)
tuple
common to audit logs (Sec. 5.10.1)
detailed description (Sec. 5.10.2)
parsing audit (Sec. 5.10.3)
U
umask system call (Sec. 7.4.1)
using to secure temporary files (Sec. 2.3)
undefined field (Sec. 3.2)
unlink system call
protecting file access (Sec. 2.3)
user context (Sec. C.2)
user input
security consideration (Sec. 2.7.1)
/usr/tmp file (Sec. 2.4)
V
v5srvtab file (Sec. C.5)
vouching (Sec. 6.9)
W
weak symbols (Sec. 6.17.2)
working storage
ACL (Sec. 7.2.1)
X
X environment
use of in a secure environment (Sec. 2.7.1)
writing secure programs in (Sec. 2.7)
X window
See X environment
XGrabKeyboard() routine (Sec. 2.7.1)
XReparentWindow() routine
using in a secure environment (Sec. 2.7.3)
XSendEvent() routine (Sec. 2.7.2)