1gss_auth_rules(5) Standards, Environments, and Macros gss_auth_rules(5)
2
6 gss_auth_rules - overview of GSS authorization
7
9 The establishment of the veracity of a user's credentials requires both
10 authentication (Is this an authentic user?) and authorization (Is this
11 authentic user, in fact, authorized?).
12 When a user makes use of Generic Security Services (GSS) versions of
15 the ftp or ssh clients to connect to a server, the user is not neces‐
16 sarily authorized, even if his claimed GSS identity is authenticated,
17 Authentication merely establishes that the user is who he says he is to
18 the GSS mechanism's authentication system. Authorization is then
19 required: it determines whether the GSS identity is permitted to access
20 the specified Solaris user account.
21 The GSS authorization rules are as follows:
24 o If the mechanism of the connection has a set of authoriza‐
26 tion rules, then use those rules. For example, if the mecha‐
27 nism is Kerberos, then use the krb5_auth_rules(5), so that
28 authorization is consistent between raw Kerberos applica‐
29 tions and GSS/Kerberos applications.
30 o If the mechanism of the connection does not have a set of
32 authorization rules, then authorization is successful if the
33 remote user's gssname matches the local user's gssname
34 exactly, as compared by gss_compare_name(3GSS).
35
37 /etc/passwd System account file. This information may also be in a
38 directory service. See passwd(4).
39
42 See attributes(5) for a description of the following attributes:
43 ┌─────────────────────────────┬─────────────────────────────┐
48 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
49 ├─────────────────────────────┼─────────────────────────────┤
50 │Interface Stability │Evolving │
51 └─────────────────────────────┴─────────────────────────────┘
52
54 ftp(1), ssh(1), gsscred(1M), gss_compare_name(3GSS), passwd(4),
55 attributes(5), krb5_auth_rules(5)
56SunOS 5.11 13 Apr 2004 gss_auth_rules(5)