gsscred(1m) - osol9

1gsscred(1M)             System Administration Commands             gsscred(1M)
2
3
4

NAME

6       gsscred - add, remove, and list gsscred table entries
7

SYNOPSIS

9       gsscred [-n user [-o oid] [-u uid]] [-c comment] -m mech -a
10
11
12       gsscred [-n user [-o oid]] [-u uid] [-m mech] -r
13
14
15       gsscred [-n user [-o oid]] [-u uid] [-m mech] -l
16
17

DESCRIPTION

19       The  gsscred utility is used to create and maintain a mapping between a
20       security principal name and a local UNIX uid. The format  of  the  user
21       name  is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to
22       specify the object identifier of the name type. The OID must be  speci‐
23       fied in dot-separated notation, for example: 1.2.3.45464.3.1
24
25
26       The  gsscred  table  is  used  on  server machines to lookup the uid of
27       incoming clients connected using RPCSEC_GSS.
28
29
30       When adding users, if no user name is specified, an entry is created in
31       the  table for each user from the passwd table. If no comment is speci‐
32       fied, the gsscred utility inserts a comment  that  specifies  the  user
33       name  as an ASCII string and the GSS-APIsecurity mechanism that applies
34       to it. The security mechanism  will  be  in  string  representation  as
35       defined in the /etc/gss/mech file.
36
37
38       The  parameters  are interpreted the same way by the gsscred utility to
39       delete users as they are to create users. At least one of the following
40       options  must  be specified: -n, -u, or -m. If no security mechanism is
41       specified, then all entries will be deleted for the user identified  by
42       either  the  uid or user name. If only the security mechanism is speci‐
43       fied, then all  user  entries  for  that  security  mechanism  will  be
44       deleted.
45
46
47       Again, the parameters are interpreted the same way by the gsscred util‐
48       ity to search for users as they are to create users. If no options  are
49       specified,  then  the entire table is returned. If the user name or uid
50       is specified, then all entries for that user are returned. If  a  secu‐
51       rity  mechanism  is  specified, then all user entries for that security
52       mechanism are returned.
53

OPTIONS

55       -a            Add a table entry.
56
57
58       -c comment    Insert comment about this table entry.
59
60
61       -l            Search table for entry.
62
63
64       -m mech       Specify the mechanism for which this name is to be trans‐
65                     lated.
66
67
68       -n user       Specify the optional principal name.
69
70
71       -o oid        Specify the OID indicating the name type of the user.
72
73
74       -r            Remove the entry from the table.
75
76
77       -u uid        Specify the uid for the user if the user is not local.
78
79

EXAMPLES

81       Example  1 Creating a gsscred Table for the Kerberos v5 Security Mecha‐
82       nism
83
84
85       The following shows how to create a gsscred table for the  kerberos  v5
86       security  mechanism.  gsscred  obtains  user  names  and uid's from the
87       passwd table to populate the table.
88
89
90         example% gsscred -m kerberos_v5 -a
91
92
93
94       Example 2 Adding an Entry for root/host1 for the Kerberos  v5  Security
95       Mechanism
96
97
98       The following shows how to add an entry for root/host1 with a specified
99       uid of 0 for the kerberos v5 security mechanism.
100
101
102         example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a
103
104
105
106       Example 3 Listing All User Mappings for the Kerberos v5 Security Mecha‐
107       nism
108
109
110       The  following  lists  all  user  mappings for the kerberos v5 security
111       mechanism.
112
113
114         example% gsscred -m kerberos_v5 -l
115
116
117
118       Example 4 Listing All Mappings for All Security Mechanism for a  Speci‐
119       fied User
120
121
122       The  following  lists  all mappings for all security mechanisms for the
123       user bsimpson.
124
125
126         example% gsscred -n bsimpson -l
127
128
129

EXIT STATUS

131       The following exit values are returned:
132
133       0     Successful completion.
134
135
136       >0    An error occurred.
137
138

ATTRIBUTES

140       See attributes(5) for descriptions of the following attributes:
141
142
143
144
145       ┌─────────────────────────────┬─────────────────────────────┐
146       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
147       ├─────────────────────────────┼─────────────────────────────┤
148       │Availability                 │SUNWgss                      │
149       ├─────────────────────────────┼─────────────────────────────┤
150       │Interface Stability          │Evolving                     │
151       └─────────────────────────────┴─────────────────────────────┘
152

NOTES

157       Some GSS mechanisms, such as kerberos_v5, provide their  own  authenti‐
158       cated-name-to-local-name  (uid) mapping and thus do not usually have to
159       be mapped using gsscred. See gsscred.conf(4) for more information.
160
161
162
163SunOS 5.11                        11 Feb 2004                      gsscred(1M)