Standards, Environments, and Macros gss_auth_rules(5)
NAME
gss_auth_rules - overview of GSS authorization
DESCRIPTION
The establishment of the veracity of a user's credentials
requires both authentication (Is this an authentic user?)
and authorization (Is this authentic user, in fact, authorized?).
When a user makes use of Generic Security Services (GSS)
versions of the ftp or ssh clients to connect to a server,
the user is not necessarily authorized, even if his claimed
GSS identity is authenticated. Authentication merely establishes
that the user is who he says he is to the GSS
mechanism's authentication system. Authorization is then
required: it determines whether the GSS identity is permitted
to access the specified Solaris user account.
The GSS authorization rules are as follows:
o If the mechanism of the connection has a set of
authorization rules, then use those rules. For
example, if the mechanism is Kerberos, then use the
krb5_auth_rules(5), so that authorization is consistent
between raw Kerberos applications and
GSS/Kerberos applications.
o If the mechanism of the connection does not have a
set of authorization rules, then authorization is
successful if the remote user's gssname matches the
local user's gssname exactly, as compared by
gss_compare_name(3GSS).
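The decision order of the two rules above, as an added sketch that is not Solaris source code. It assumes each gssname is handled as an RFC 2743 exported-name token and uses byte-for-byte token equality as a stand-in for gss_compare_name(3GSS); `MECH_RULES`, `krb5_rule`, `KRB5_ALLOWED`, `OTHER_OID` and the sample names are hypothetical.

```python
import struct

KRB5_OID = bytes.fromhex("2a864886f712010202")   # Kerberos V5, 1.2.840.113554.1.2.2
OTHER_OID = bytes.fromhex("2b06010401868d1f01")  # constructed OID: a mechanism with no rules

def export_name(mech_oid, name):
    """Build an RFC 2743 (section 3.2) exported-name token."""
    der_oid = b"\x06" + bytes([len(mech_oid)]) + mech_oid
    return (b"\x04\x01" + struct.pack(">H", len(der_oid)) + der_oid
            + struct.pack(">I", len(name)) + name)

def parse_exported_name(token):
    """Return (mech_oid, name); raise ValueError on a malformed token."""
    if len(token) < 4 or token[:2] != b"\x04\x01":
        raise ValueError("bad token id")
    (oid_len,) = struct.unpack(">H", token[2:4])
    der_oid = token[4:4 + oid_len]
    # Short-form DER length only, which covers real mechanism OIDs.
    if not 2 <= oid_len <= 129 or len(der_oid) != oid_len \
            or der_oid[0] != 0x06 or der_oid[1] != oid_len - 2:
        raise ValueError("bad mechanism OID")
    rest = token[4 + oid_len:]
    if len(rest) < 4:
        raise ValueError("truncated name length")
    (name_len,) = struct.unpack(">I", rest[:4])
    if len(rest) - 4 != name_len:
        raise ValueError("name length mismatch")
    return der_oid[2:], rest[4:]

# Hypothetical stand-in for krb5_auth_rules(5); the table is constructed sample data.
KRB5_ALLOWED = {b"alice@EXAMPLE.COM": "alice"}

def krb5_rule(remote_name, local_user):
    return KRB5_ALLOWED.get(remote_name) == local_user

MECH_RULES = {KRB5_OID: krb5_rule}  # mechanisms that bring their own rules

def authorize(remote_token, local_token, local_user):
    """Apply the two rules in order; any parse failure denies access."""
    try:
        mech, remote_name = parse_exported_name(remote_token)
    except ValueError:
        return False
    rule = MECH_RULES.get(mech)
    if rule is not None:                 # rule 1: the mechanism's own rules decide
        return rule(remote_name, local_user)
    return remote_token == local_token   # rule 2: exact match, no case folding
```

Because rule 1 returns before the comparison is reached, a Kerberos name that is byte-identical to the local gssname is still refused when the mechanism's own rules refuse it.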
FILES
/etc/passwd System account file. This information may
also be in a directory service. See
passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
SunOS 5.11 Last change: 13 Apr 2004 1
ATTRIBUTE TYPE        ATTRIBUTE VALUE
Interface Stability   Evolving
SEE ALSO
ftp(1), ssh(1), gsscred(1M), gss_compare_name(3GSS),
passwd(4), attributes(5), krb5_auth_rules(5)