gss_auth_rules(5) Standards, Environments, and Macros gss_auth_rules(5)
gss_auth_rules - overview of GSS authorization
The establishment of the veracity of a user's credentials requires both
authentication (Is this an authentic user?) and authorization (Is this
authentic user, in fact, authorized?).
When a user makes use of Generic Security Services (GSS) versions of
the ftp or ssh clients to connect to a server, the user is not
necessarily authorized, even if his claimed GSS identity is authenticated.
Authentication merely establishes that the user is who he says he is to
the GSS mechanism's authentication system. Authorization is then
required: it determines whether the GSS identity is permitted to access
the specified Solaris user account.
The GSS authorization rules are as follows:
o If the mechanism of the connection has a set of authorization
rules, then use those rules. For example, if the mechanism is
Kerberos, then use the krb5_auth_rules(5), so that authorization is
consistent between raw Kerberos applications and GSS/Kerberos
o If the mechanism of the connection does not have a set of
authorization rules, then authorization is successful if the remote
user's gssname matches the local user's gssname exactly, as
compared by gss_compare_name(3GSS).
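The two rules above, modelled as a small Python decision function. This is an added illustration, not Solaris source code: GssName, compare_name, gss_authorize, the sample Kerberos rule, the realm EXAMPLE.COM and the second mechanism OID are all constructed for the example, and compare_name only approximates gss_compare_name(3GSS) as exact equality.

```python
from typing import Callable, Dict, NamedTuple

KRB5_MECH_OID = "1.2.840.113554.1.2.2"  # Kerberos V5 GSS mechanism OID (RFC 1964)
OTHER_MECH = "1.3.6.1.4.1.99999.1"      # constructed OID: a mechanism with no rules


class GssName(NamedTuple):
    """Stand-in for an imported GSS name: mechanism OID plus name string."""
    mech: str
    value: str


def compare_name(a: GssName, b: GssName) -> bool:
    # Assumption: models gss_compare_name(3GSS) as exact equality, with no
    # case folding, whitespace trimming or realm stripping.
    return a == b


MechRule = Callable[[GssName, str], bool]


def gss_authorize(remote: GssName, local_user: str,
                  local_names: Dict[str, GssName],
                  mech_rules: Dict[str, MechRule]) -> bool:
    """Return True if the authenticated `remote` name may use `local_user`."""
    rule = mech_rules.get(remote.mech)
    if rule is not None:
        # Rule 1: the mechanism has its own rules, so they alone decide.
        return rule(remote, local_user)
    # Rule 2: no mechanism rules, so require an exact gssname match.
    # An account with no known gssname is denied (fail closed).
    local = local_names.get(local_user)
    return local is not None and compare_name(remote, local)


def sample_krb5_rule(remote: GssName, local_user: str) -> bool:
    # Constructed placeholder for krb5_auth_rules(5); the real rules are
    # defined on that page, not here.
    return remote.value == f"{local_user}@EXAMPLE.COM"


# Constructed sample data.
MECH_RULES = {KRB5_MECH_OID: sample_krb5_rule}
LOCAL_NAMES = {"alice": GssName(OTHER_MECH, "alice")}
```

A successful authentication as "Alice" under the rule-less mechanism is still denied access to the account "alice", because the fallback comparison is exact.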
System account file. This information may also be in a directory
service. See passwd(4).
See attributes(5) for a description of the following attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Interface Stability     Evolv-
ftp(1), ssh(1), gsscred(1M), gss_compare_name(3GSS), passwd(4),
SunOS 5.10 13 Apr 2004 gss_auth_rules(5)