gss_auth_rules(5) Standards, Environments, and Macros gss_auth_rules(5)NAMEgss_auth_rules - overview of GSS authorization
DESCRIPTION
The establishment of the veracity of a user's credentials requires both
authentication (Is this an authentic user?) and authorization (Is this
authentic user, in fact, authorized?).
When a user makes use of Generic Security Services (GSS) versions of
the ftp or ssh clients to connect to a server, the user is not neces‐
sarily authorized, even if his claimed GSS identity is authenticated,
Authentication merely establishes that the user is who he says he is to
the GSS mechanism's authentication system. Authorization is then
required: it determines whether the GSS identity is permitted to access
the specified Solaris user account.
The GSS authorization rules are as follows:
· If the mechanism of the connection has a set of authorization
rules, then use those rules. For example, if the mechanism is Ker‐
beros, then use the krb5_auth_rules(5), so that authorization is
consistent between raw Kerberos applications and GSS/Kerberos
applications.
· If the mechanism of the connection does not have a set of autho‐
rization rules, then authorization is successful if the remote
user's gssname matches the local user's gssname exactly, as com‐
pared by gss_compare_name(3GSS).
FILES
/etc/passwd
System account file. This information may also be in a directory
service. See passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSOftp(1), ssh(1), gsscred(1M), gss_compare_name(3GSS), passwd(4),
attributes(5), krb5_auth_rules(5)SunOS 5.10 13 Apr 2004 gss_auth_rules(5)