|Skip Navigation Links|
|Exit Print View|
|Developer's Guide to Oracle Solaris Security Oracle Solaris 11 Express 11/10|
For convenience, the GSS-API does allow mechanisms and QOPs to be displayed in human-readable form. On Oracle Solaris systems, two files, /etc/gss/mech and /etc/gss/qop, contain information about available mechanisms and available QOPs. If you do not have access to these files, then you must provide the string literals from some other source. The published Internet standard for that mechanism or QOP should serve that purpose.
The /etc/gss/mech file lists the mechanisms that are available. /etc/gss/mech contains the names in both the numerical format and the alphabetic form. /etc/gss/mech presents the information in this format:
Mechanism name, in ASCII
Shared library for implementing the services that are provided by this mechanism
Optionally, the kernel module for implementing the service
A sample /etc/gss/mech might look like Example C-1.
Example C-1 The /etc/gss/mech File
# # Copyright 2003 Sun Microsystems, Inc. All rights reserved. # Use is subject to license terms. # #ident "@(#)mech 1.12 03/10/20 SMI" # # This file contains the GSS-API based security mechanism names, # the associated object identifiers (OID) and a shared library that # implements the services for the mechanisms under GSS-API. # # Mechanism Name Object Identifier Shared Library Kernel Module [Options] # kerberos_v5 1.2.840.1135126.96.36.199 mech_krb5.so kmech_krb5 spnego 188.8.131.52.5.5.2 mech_spnego.so.1 [msinterop] diffie_hellman_640_0 184.108.40.206.220.127.116.11.2.4 dh640-0.so.1 diffie_hellman_1024_0 18.104.22.168.22.214.171.124.2.5 dh1024-0.so.1
The /etc/gss/qop file stores, for all mechanisms installed, all the QOPs supported by each mechanism, both as an ASCII string and as the corresponding 32–bit integer. A sample /etc/gss/qop might look like the following example.
Example C-2 The /etc/gss/qop File
# # Copyright (c) 2000, by Sun Microsystems, Inc. # All rights reserved. # #ident "@(#)qop 1.3 00/11/09 SMI" # # This file contains information about the GSS-API based quality of # protection (QOP), its string name and its value (32-bit integer). # # QOP string QOP Value Mechanism Name # GSS_KRB5_INTEG_C_QOP_DES_MD5 0 kerberos_v5 GSS_KRB5_CONF_C_QOP_DES 0 kerberos_v5