Standards, Environments, and Macros gss_auth_rules(5)
NAME
gss_auth_rules - overview of GSS authorization
DESCRIPTION
The establishment of the veracity of a user's credentials requires both
authentication (Is this an authentic user?) and authorization (Is this
authentic user, in fact, authorized?).

When a user makes use of Generic Security Services (GSS) versions of the
ftp or ssh clients to connect to a server, the user is not necessarily
authorized, even if his claimed GSS identity is authenticated.
Authentication merely establishes that the user is who he says he is to
the GSS mechanism's authentication system. Authorization is then
required: it determines whether the GSS identity is permitted to access
the specified Solaris user account.

The GSS authorization rules are as follows:

o  If the mechanism of the connection has a set of authorization rules,
   then use those rules. For example, if the mechanism is Kerberos, then
   use the krb5_auth_rules(5), so that authorization is consistent
   between raw Kerberos applications and GSS/Kerberos applications.

o  If the mechanism of the connection does not have a set of
   authorization rules, then authorization is successful if the remote
   user's gssname matches the local user's gssname exactly, as compared
   by gss_compare_name(3GSS).
FILES
/etc/passwd
    System account file. This information may also be in a directory
    service. See passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
____________________________________________________________
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
|_____________________________|_____________________________|
| Interface Stability         | Committed                   |
|_____________________________|_____________________________|
SEE ALSO
ftp(1), ssh(1), gsscred(1M), gss_compare_name(3GSS),
passwd(4), attributes(5), krb5_auth_rules(5)
SunOS 5.11 Last change: 13 Apr 2004