The gsscred credential table is used by an NFS server to map Kerberos credentials to a UNIX UID. By default, the primary part of the principal name is matched to a UNIX login name. You create this table if the default mapping is not sufficient.
Before You Begin
You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .
# cat /etc/gss/gsscred.conf ... # files # # # Syslog (auth.debug) a message for GSS cred to Unix cred mapping #SYSLOG_UID_MAPPING=yes
# gsscred -m kerberos_v5 -a
The gsscred command gathers information from all sources that are listed with the passwd entry in the svc:/system/name-service/switch:default service. If you do not want the local password entries included in the credential table, you can temporarily remove the files entry. For more information, see the gsscred(1M) man page.
For example, as the root role on the NFS server, add an entry to map the principal sandy/admin to UID 3736. The –a option adds the entry to the credential table.
# gsscred -m kerberos_v5 -n sandy/admin -u 3736 -a
In this example, you use a fully-qualified domain name (FQDN) to specify a principal in a different domain.
# gsscred -m kerberos_v5 -n sandy/admin@EXAMPLE.COM -u 3736 -a