components/krb5/Solaris/man/gss_auth_rules.5
changeset 5490 9bf0bc57423a
child 6621 08009c15e349
5489:a5031bb8b66d 5490:9bf0bc57423a
       
     1 '\" te
       
     2 .\"  Copyright (c) 2004, Sun Microsystems, Inc.  All Rights Reserved
       
     3 .TH gss_auth_rules 5 "13 Apr 2004" "SunOS 5.12" "Standards, Environments, and Macros"
       
     4 .SH NAME
       
     5 gss_auth_rules \- overview of GSS authorization
       
     6 .SH DESCRIPTION
       
     7 .sp
       
     8 .LP
       
     9 The establishment of the veracity of a user's credentials requires both authentication (Is this an authentic user?) and authorization (Is this authentic user, in fact, authorized?).
       
    10 .sp
       
    11 .LP
       
    12 When a user makes use of Generic Security Services (GSS) versions of the \fBftp\fR or \fBssh\fR clients to connect to a server, the user is not necessarily authorized, even if his claimed GSS identity is authenticated, Authentication merely establishes that the user is who he says he is to the GSS mechanism's authentication system. Authorization is then required: it determines whether the GSS identity is permitted to access the specified Solaris user account.
       
    13 .sp
       
    14 .LP
       
    15 The GSS authorization rules are as follows:
       
    16 .RS +4
       
    17 .TP
       
    18 .ie t \(bu
       
    19 .el o
       
    20 If the mechanism of the connection has a set of authorization rules, then use those rules. For example, if the mechanism is Kerberos, then use the \fBkrb5_auth_rules\fR(5), so that authorization is consistent between raw Kerberos applications and GSS/Kerberos applications.
       
    21 .RE
       
    22 .RS +4
       
    23 .TP
       
    24 .ie t \(bu
       
    25 .el o
       
    26 If the mechanism of the connection does not have a set of authorization rules, then authorization is successful if the remote user's \fBgssname\fR matches the local user's \fBgssname\fR exactly, as compared by \fBgss_compare_name\fR(3GSS).
       
    27 .RE
       
    28 .SH FILES
       
    29 .sp
       
    30 .ne 2
       
    31 .mk
       
    32 .na
       
    33 \fB\fB/etc/passwd\fR\fR
       
    34 .ad
       
    35 .RS 15n
       
    36 .rt  
       
    37 System account file. This information may also be in a directory service. See \fBpasswd\fR(4).
       
    38 .RE
       
    39 
       
    40 .SH ATTRIBUTES
       
    41 .sp
       
    42 .LP
       
    43 See \fBattributes\fR(5) for a description of the following attributes:
       
    44 .sp
       
    45 
       
    46 .sp
       
    47 .TS
       
    48 tab() box;
       
    49 cw(2.75i) |cw(2.75i) 
       
    50 lw(2.75i) |lw(2.75i) 
       
    51 .
       
    52 ATTRIBUTE TYPEATTRIBUTE VALUE
       
    53 _
       
    54 Interface StabilityCommitted
       
    55 .TE
       
    56 
       
    57 .SH SEE ALSO
       
    58 .sp
       
    59 .LP
       
    60 \fBftp\fR(1), \fBssh\fR(1), \fBgsscred\fR(1M), \fBgss_compare_name\fR(3GSS), \fBpasswd\fR(4), \fBattributes\fR(5), \fBkrb5_auth_rules\fR(5)
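
Review bot: the second rule (line 26) makes authorization depend on an exact match against "the local user's \fBgssname\fR", but the page never says where that local name comes from. SEE ALSO lists \fBgsscred\fR(1M) and FILES lists /etc/passwd without either being mentioned in DESCRIPTION. Add a sentence stating how the local account's gssname is obtained, so an administrator can tell which entry the comparison by \fBgss_compare_name\fR(3GSS) actually runs against. In the paragraph at line 12, "is authenticated, Authentication merely establishes" joins two sentences with a comma and should read "is authenticated. Authentication merely establishes". At line 33, \fB\fB/etc/passwd\fR\fR doubles the font escapes; a single \fB/etc/passwd\fR is enough.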