'\" te
.\"  Copyright (c) 2004, Sun Microsystems, Inc.  All Rights Reserved
.TH gss_auth_rules 5 "13 Apr 2004" "SunOS 5.11" "Standards, Environments, and Macros"
.SH NAME
gss_auth_rules \- overview of GSS authorization
.SH DESCRIPTION
.sp
.LP
The establishment of the veracity of a user's credentials requires both authentication (Is this an authentic user?) and authorization (Is this authentic user, in fact, authorized?).
.sp
.LP
When a user makes use of Generic Security Services (GSS) versions of the \fBftp\fR or \fBssh\fR clients to connect to a server, the user is not necessarily authorized, even if his claimed GSS identity is authenticated, Authentication merely establishes that the user is who he says he is to the GSS mechanism's authentication system. Authorization is then required: it determines whether the GSS identity is permitted to access the specified Solaris user account.
.sp
.LP
The GSS authorization rules are as follows:
.RS +4
.TP
.ie t \(bu
.el o
If the mechanism of the connection has a set of authorization rules, then use those rules. For example, if the mechanism is Kerberos, then use the \fBkrb5_auth_rules\fR(5), so that authorization is consistent between raw Kerberos applications and GSS/Kerberos applications.
.RE
.RS +4
.TP
.ie t \(bu
.el o
If the mechanism of the connection does not have a set of authorization rules, then authorization is successful if the remote user's \fBgssname\fR matches the local user's \fBgssname\fR exactly, as compared by \fBgss_compare_name\fR(3GSS).
.RE
.SH FILES
.sp
.ne 2
.mk
.na
\fB\fB/etc/passwd\fR\fR
.ad
.RS 15n
.rt  
System account file. This information may also be in a directory service. See \fBpasswd\fR(4).
.RE

.SH SEE ALSO
.sp
.LP
\fBftp\fR(1), \fBssh\fR(1), \fBgsscred\fR(1M), \fBgss_compare_name\fR(3GSS), \fBpasswd\fR(4), \fBattributes\fR(5), \fBkrb5_auth_rules\fR(5)