unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

gss_auth_rules(5)     Standards, Environments, and Macros    gss_auth_rules(5)



NAME
       gss_auth_rules - overview of GSS authorization

DESCRIPTION
       The establishment of the veracity of a user's credentials requires both
       authentication (Is this an authentic user?) and authorization (Is  this
       authentic user, in fact, authorized?).

       When  a  user  makes use of Generic Security Services (GSS) versions of
       the ftp or ssh clients to connect to a server, the user is  not  neces-
       sarily  authorized,  even if his claimed GSS identity is authenticated,
       Authentication merely establishes that the user is who he says he is to
       the  GSS  mechanism's  authentication  system.  Authorization  is  then
       required: it determines whether the GSS identity is permitted to access
       the specified Solaris user account.

       The GSS authorization rules are as follows:

         o  If  the  mechanism  of  the  connection has a set of authorization
            rules, then use those rules. For example, if the mechanism is Ker-
            beros,  then  use the krb5_auth_rules(5), so that authorization is
            consistent between  raw  Kerberos  applications  and  GSS/Kerberos
            applications.

         o  If  the  mechanism of the connection does not have a set of autho-
            rization rules, then authorization is  successful  if  the  remote
            user's  gssname  matches the local user's gssname exactly, as com-
            pared by gss_compare_name(3GSS).


FILES
       /etc/passwd

           System account file. This information may also be  in  a  directory
           service. See passwd(4).



ATTRIBUTES
       See attributes(5) for a description of the following attributes:


       tab()     allbox;     cw(2.750000i)|    cw(2.750000i)    lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE Interface StabilityEvolv-
       ing


SEE ALSO
       ftp(1),   ssh(1),   gsscred(1M),   gss_compare_name(3GSS),   passwd(4),
       attributes(5), krb5_auth_rules(5)



SunOS 5.10                        13 Apr 2004                gss_auth_rules(5)