author | Rich Burridge <rich.burridge@oracle.com> |
Fri, 31 Mar 2017 07:26:17 -0700 | |
changeset 7820 | a2b9a7de9e1a |
parent 5698 | 40ccd2e5524c |
permissions | -rw-r--r-- |
5698
40ccd2e5524c
23019839 pre-phase 3 changes to support the upcoming krb migration phase 3 push to on12
Will Fiveash <will.fiveash@oracle.com>
'\" te
.\" Copyright (c) 2006, 2013, Oracle and/or its affiliates. All rights reserved.
7820
a2b9a7de9e1a
25795430 Adjust Userland man pages to "5.11" (from "5.12") where needed
Rich Burridge <rich.burridge@oracle.com>
.TH krb5_auth_rules 5 "5 Jan 2012" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
krb5_auth_rules \- overview of Kerberos V5 authorization
.SH DESCRIPTION
.sp
.LP
When a Kerberized version of the \fBftp\fR, \fBrcp\fR, \fBrlogin\fR, \fBrsh\fR, \fBssh\fR, \fBtelnet\fR, or \fBSSH\fR client is used to connect to a server, the identity of the originating user must be authenticated to the Kerberos V5 authentication system. Account access can then be authorized if appropriate entries exist in the \fB~/.k5login\fR file or the \fBgsscred\fR table, or if the default GSS/Kerberos authentication rules successfully map the Kerberos principal name to a UNIX login name.
.sp
.LP
To avoid security problems, the \fB~/.k5login\fR file must be owned by the remote user on the server that the client is attempting to access. The file should contain a private authorization list made up of Kerberos principal names of the form \fIprincipal/instance\fR@\fIrealm\fR. The \fI/instance\fR variable is optional in Kerberos principal names. For example, different principal names such as \[email protected]\fR and \fBjdb/[email protected]\fR are each legitimate Kerberos principals, although they are not equivalent. The client is granted access if the \fB~/.k5login\fR file is located in the login directory of the remote user account and the originating user can be authenticated to one of the principals named in the file. See \fBkadm5.acl\fR(4) for more information on Kerberos principal names.
.sp
.LP
If no \fB~/.k5login\fR file is found in the login account of the remote user, the Kerberos V5 principal name associated with the originating user is checked against the \fBgsscred\fR table. If a \fBgsscred\fR table exists and the principal name is matched in the table, access is granted if the Unix user ID listed in the table corresponds to the user account that the client is attempting to access. If the Unix user ID does not match, access is denied. See \fBgsscred\fR(1M).
.sp
.LP
For example, if the originating user is listed in the \fBgsscred\fR table with the principal name \[email protected]\fR and the \fBuid\fR \fB23154\fR, access to the \fBjdb-user\fR account is granted if \fB23154\fR is also the \fBuid\fR of \fBjdb-user\fR listed in the user account database. See \fBpasswd\fR(4).
.sp
.LP
Finally, if there is no \fB~/.k5login\fR file and the originating user's Kerberos V5 identity is not in the \fBgsscred\fR table, or if the \fBgsscred\fR table itself does not exist, the client is granted access to the account if the following conditions (the default GSS/Kerberos authentication rules) are met:
.RS +4
.TP
.ie t \(bu
.el o
The user part of the authenticated principal name is the same as the Unix account name specified by the client.

.RE
.RS +4
.TP
.ie t \(bu
.el o
The realm portions of the client and the server are the same, unless the \fBkrb5.conf\fR(4) \fIauth_to_local_realm\fR parameter is used to create realm equivalence.

.RE
.RS +4
.TP
.ie t \(bu
.el o
The Unix account name exists on the server.

.RE
.sp
.LP
For example, if the originating user has the principal name \[email protected]\fR and the server's realm is \fBSALES.ACME.COM\fR, the client is denied access even if \fBjdb\fR is a valid account name on the server. This is because the realms \fBSALES.ACME.COM\fR and \fBENG.ACME.COM\fR differ.
.sp
.LP
The \fBkrb5.conf\fR(4) \fIauth_to_local_realm\fR parameter also affects authorization. Non-default realms can be treated as equivalent to the default realm for authenticated \fBname-to-local name\fR mapping.
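The decision order described above (\fB~/.k5login\fR first, then the \fBgsscred\fR table, then the default GSS/Kerberos rules), modelled in Python as an added example that is not part of the original man page or of the Solaris implementation. The Server class, the authorize function, the sample principals and uid 1001 are constructed for illustration; refusing a \fB~/.k5login\fR that the account does not own and leaving names with an /instance unmapped by the default rule are assumptions.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Server:
    """Constructed model of the server-side state the man page consults."""
    realm: str                                   # server's default realm
    passwd: dict                                 # account name -> uid, as in passwd(4)
    k5login: dict = field(default_factory=dict)  # account -> (file owner uid, [principals])
    gsscred: Optional[dict] = None               # principal -> uid; None means no table
    equiv_realms: set = field(default_factory=set)  # realms named by auth_to_local_realm


def authorize(srv, principal, account):
    """Return (granted, deciding_rule) for an already authenticated principal."""
    uid = srv.passwd.get(account)
    if uid is None:                      # the Unix account must exist on the server
        return False, "no-account"

    # 1. A ~/.k5login in the target account's home directory is authoritative.
    if account in srv.k5login:
        owner, principals = srv.k5login[account]
        if owner != uid:                 # assumption: a file not owned by the user is refused
            return False, "k5login-owner"
        return principal in principals, "k5login"

    # 2. No ~/.k5login: a matching gsscred entry decides by comparing uids.
    if srv.gsscred is not None and principal in srv.gsscred:
        return srv.gsscred[principal] == uid, "gsscred"

    # 3. Default rules: user part equals the account name and the realms match,
    #    or auth_to_local_realm equates the client's realm with the default realm.
    #    Assumption: a name carrying an /instance is not mapped by this rule.
    user, _, realm = principal.rpartition("@")
    realm_ok = realm == srv.realm or realm in srv.equiv_realms
    return (user == account and realm_ok), "default"


if __name__ == "__main__":
    accounts = {"jdb": 1001, "jdb-user": 23154}          # constructed sample data
    sales = Server(realm="SALES.ACME.COM", passwd=accounts)
    print(authorize(sales, "jdb@ENG.ACME.COM", "jdb"))   # realms differ
    sales.gsscred = {"jdb@ENG.ACME.COM": 23154}
    print(authorize(sales, "jdb@ENG.ACME.COM", "jdb-user"))
    sales.k5login["jdb-user"] = (23154, ["ops@SALES.ACME.COM"])
    print(authorize(sales, "jdb@ENG.ACME.COM", "jdb-user"))
```

The last call shows why the order matters for review: once a \fB~/.k5login\fR exists for the account, a \fBgsscred\fR entry that would otherwise grant access is never consulted.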
.SH FILES
.sp
.ne 2
.mk
.na
\fB\fB~/.k5login\fR\fR
.ad
.RS 15n
.rt
Per-user-account authorization file.
.RE

.sp
.ne 2
.mk
.na
\fB\fB/etc/passwd\fR\fR
.ad
.RS 15n
.rt
System account file. This information can also reside in a directory service. See \fBpasswd\fR(4).
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the attributes.
.sp
.TS
tab(@) box;
cw(2.75i) |cw(2.75i)
lw(2.75i) |lw(2.75i)
.
ATTRIBUTE TYPE@ATTRIBUTE VALUE
_
Interface Stability@Committed
.TE
.sp
.SH SEE ALSO
.sp
.LP
\fBftp\fR(1), \fBrcp\fR(1), \fBrsh\fR(1), \fBtelnet\fR(1), \fBgsscred\fR(1M), \fBkadm5.acl\fR(4), \fBkrb5.conf\fR(4), \fBpasswd\fR(4), \fBattributes\fR(5), \fBgss_auth_rules\fR(5)