GSS_AUTH_RULES(7) Standards, Environments, and Macros GSS_AUTH_RULES(7)
NAME
gss_auth_rules - overview of GSS authorization
DESCRIPTION
The establishment of the veracity of a user's credentials requires
both authentication (Is this an authentic user?) and authorization
(Is this authentic user, in fact, authorized?).
When a user makes use of Generic Security Services (GSS) versions of
the ftp or ssh clients to connect to a server, the user is not
necessarily authorized, even if his claimed GSS identity is
authenticated. Authentication merely establishes that the user is who
he says he is to the GSS mechanism's authentication system.
Authorization is then required: it determines whether the GSS
identity is permitted to access the specified Solaris user account.
The GSS authorization rules are as follows:
o If the mechanism of the connection has a set of authorization
rules, then use those rules. For example, if the mechanism is
Kerberos, then use krb5_auth_rules(7), so that authorization is
consistent between raw Kerberos applications and GSS/Kerberos
applications.
o If the mechanism of the connection does not have a set of
authorization rules, then authorization is successful if the
remote user's gssname matches the local user's gssname exactly,
as compared by gss_compare_name(3GSS).
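The decision order in the two rules above, as an added example that is not part of the original manual page and does not call the real GSS-API. The struct, the function names, the `EXAMPLE.TEST` realm and the sample mechanism rule are all constructed for illustration, and byte-for-byte equality is an assumed stand-in for gss_compare_name(3GSS).

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of a GSS name: a name-type label plus the name bytes. */
struct name_model { const char *type; const char *value; };

/* A mechanism's own rule set; NULL means the mechanism defines none. */
typedef int (*mech_rules_fn)(const struct name_model *remote, const char *account);

/* Assumed stand-in for gss_compare_name(3GSS): type and bytes must match. */
static int names_equal(const struct name_model *a, const struct name_model *b)
{
    return strcmp(a->type, b->type) == 0 && strcmp(a->value, b->value) == 0;
}

/* Hypothetical rule, NOT krb5_auth_rules(7): "<account>@EXAMPLE.TEST" only. */
static int sample_mech_rules(const struct name_model *remote, const char *account)
{
    size_t n = strlen(account);
    return n > 0 && strncmp(remote->value, account, n) == 0 &&
           strcmp(remote->value + n, "@EXAMPLE.TEST") == 0;
}

/* Mechanism rules win if present, else exact match; NULL arguments deny. */
int authorize_model(mech_rules_fn rules, const struct name_model *remote,
                    const struct name_model *local, const char *account)
{
    if (remote == NULL || local == NULL || account == NULL)
        return 0;
    return rules != NULL ? rules(remote, account) : names_equal(remote, local);
}

/* Helpers over constructed names so each decision is returned by value. */
int check_fallback(const char *remote, const char *local)
{
    struct name_model r = { "user-name", remote }, l = { "user-name", local };
    return authorize_model(NULL, &r, &l, local);
}

int check_with_rules(const char *remote, const char *account)
{
    struct name_model r = { "principal", remote }, l = { "user-name", account };
    return authorize_model(sample_mech_rules, &r, &l, account);
}

int main(void)
{
    return (check_fallback("alice", "alice") && !check_fallback("alice", "Alice")) ? 0 : 1;
}
```

In the fallback path a name that differs only in case or carries a realm suffix is denied, which is the practical meaning of "exactly" in the second rule.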
FILES
/etc/passwd    System account file. This information may also be in a
               directory service. See passwd(5).
ATTRIBUTES
See attributes(7) for a description of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
SEE ALSO
ftp(1), ssh(1), gss_compare_name(3GSS), passwd(5), attributes(7),
krb5_auth_rules(7), gsscred(8)

April 13, 2004 GSS_AUTH_RULES(7)