GSSCRED(8) Maintenance Commands and Procedures GSSCRED(8)
NAME
gsscred - add, remove, and list gsscred table entries
SYNOPSIS
gsscred [-n user [-o oid] [-u uid]] [-c comment] -m mech -a
gsscred [-n user [-o oid]] [-u uid] [-m mech] -r
gsscred [-n user [-o oid]] [-u uid] [-m mech] -l
DESCRIPTION
The gsscred utility is used to create and maintain a mapping between a security principal name and a local UNIX uid. The format of the user name is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to specify the object identifier of the name type. The OID must be specified in dot-separated notation, for example:
1.2.3.45464.3.1
The gsscred table is used on server machines to look up the uid of incoming clients connected using RPCSEC_GSS.
When adding users, if no user name is specified, an entry is created in the table for each user from the passwd table. If no comment is specified, the gsscred utility inserts a comment that specifies the user name as an ASCII string and the GSS-API security mechanism that applies to it. The security mechanism will be in string representation as defined in the /etc/gss/mech file.
The parameters are interpreted the same way by the gsscred utility to delete users as they are to create users. At least one of the following options must be specified: -n, -u, or -m. If no security mechanism is specified, then all entries will be deleted for the user identified by either the uid or user name. If only the security mechanism is specified, then all user entries for that security mechanism will be deleted.
Again, the parameters are interpreted the same way by the gsscred utility to search for users as they are to create users. If no options are specified, then the entire table is returned. If the user name or uid is specified, then all entries for that user are returned. If a security mechanism is specified, then all user entries for that security mechanism are returned.
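An added example, not part of the original manual page or of gsscred itself: a POSIX shell wrapper that works out what a removal would delete under the rules above and refuses the two wide scopes unless overridden. The function names and the FORCE and GSSCRED variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the scope of a `gsscred -r` call before running it.
# gsscred_rm_scope and safe_gsscred_rm are hypothetical helper names.

gsscred_rm_scope() {
    user= uid= mech= oid=
    OPTIND=1
    while getopts "n:o:u:m:" opt; do
        case $opt in
            n) user=$OPTARG ;;
            o) oid=$OPTARG ;;
            u) uid=$OPTARG ;;
            m) mech=$OPTARG ;;
            *) echo "invalid"; return 2 ;;
        esac
    done
    # The SYNOPSIS shows -o only as a qualifier of -n; this wrapper's own
    # choice is to reject -o when no -n is given.
    if [ -n "$oid" ] && [ -z "$user" ]; then
        echo "invalid"; return 2
    fi
    # At least one of -n, -u, or -m must be specified.
    if [ -z "$user$uid$mech" ]; then
        echo "invalid"; return 2
    fi
    if [ -z "$user$uid" ]; then
        # Only the mechanism given: all user entries for it are deleted.
        echo "all-users-for-mech"
    elif [ -z "$mech" ]; then
        # No mechanism given: all entries for that user are deleted.
        echo "user-all-mechs"
    else
        echo "user-one-mech"
    fi
}

# Run the removal only for the narrow scope unless FORCE=1 is set.
# FORCE and GSSCRED (path override for the binary) are assumed conventions.
safe_gsscred_rm() {
    scope=$(gsscred_rm_scope "$@") || { echo "refused: $scope" >&2; return 2; }
    if [ "$scope" != "user-one-mech" ] && [ "${FORCE:-0}" != 1 ]; then
        echo "refused: scope is $scope; set FORCE=1 to proceed" >&2
        return 1
    fi
    ${GSSCRED:-gsscred} "$@" -r
}
```

Listing the same selection first with -l in place of -r shows exactly which entries a forced removal would take.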
OPTIONS
-a          Add a table entry.
-c comment  Insert comment about this table entry.
-l          Search table for entry.
-m mech     Specify the mechanism for which this name is to be translated.
-n user     Specify the optional principal name.
-o oid      Specify the OID indicating the name type of the user.
-r          Remove the entry from the table.
-u uid      Specify the uid for the user if the user is not local.
EXAMPLES
Example 1: Creating a gsscred Table for the Kerberos v5 Security Mechanism
The following shows how to create a gsscred table for the kerberos v5 security mechanism. gsscred obtains user names and uids from the passwd table to populate the table.
example% gsscred -m kerberos_v5 -a

Example 2: Adding an Entry for root/host1 for the Kerberos v5 Security Mechanism
The following shows how to add an entry for root/host1 with a specified uid of 0 for the kerberos v5 security mechanism.
example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a

Example 3: Listing All User Mappings for the Kerberos v5 Security Mechanism
The following lists all user mappings for the kerberos v5 security mechanism.
example% gsscred -m kerberos_v5 -l

Example 4: Listing All Mappings for All Security Mechanisms for a Specified User
The following lists all mappings for all security mechanisms for the user bsimpson.
example% gsscred -n bsimpson -l
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
SEE ALSO
gsscred.conf(5), attributes(7), gssd(8)
NOTES
Some GSS mechanisms, such as kerberos_v5, provide their own authenticated-name-to-local-name (uid) mapping and thus do not usually have to be mapped using gsscred. See gsscred.conf(5) for more information.
February 11, 2004 GSSCRED(8)