跳过导航链接 | |
退出打印视图 | |
Oracle Solaris 11 开发者安全性指南 Oracle Solaris 11.1 Information Library (简体中文) |
为方便起见,GSS-API 允许以可读方式显示机制和 QOP。在 Oracle Solaris 系统上,两个文件(/etc/gss/mech 和 /etc/gss/qop)中包含有关可用机制和可用 QOP 的信息。如果无权访问这些文件,则必须提供来自其他源代码的串文字。针对该机制或 QOP 发布的 Internet 标准应当可以实现此目的。
/etc/gss/mech 文件列出了可用的机制。/etc/gss/mech 包含数值和字母两种格式的名称。/etc/gss/mech 将显示以下格式的信息:
ASCII 形式的机制名称
机制的 OID
用于实现此机制所提供的服务的共享库
也可以是用于实现服务的内核模块
/etc/gss/mech 样例可能与 示例 D-1 类似。
示例 D-1 /etc/gss/mech 文件
# # Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved. # #ident "@(#)mech 1.12 03/10/20 SMI" # # This file contains the GSS-API based security mechanism names, # the associated object identifiers (OID) and a shared library that # implements the services for the mechanisms under GSS-API. # # Mechanism Name Object Identifier Shared Library Kernel Module [Options] # kerberos_v5 1.2.840.113554.1.2.2 mech_krb5.so kmech_krb5 spnego 1.3.6.1.5.5.2 mech_spnego.so.1 [msinterop] diffie_hellman_640_0 1.3.6.4.1.42.2.26.2.4 dh640-0.so.1 diffie_hellman_1024_0 1.3.6.4.1.42.2.26.2.5 dh1024-0.so.1
对于安装的所有机制,/etc/gss/qop 文件存储每个机制所支持的所有 QOP,这些机制均以 ASCII 字符串和对应的 32 位整数两种形式提供。样例 /etc/gss/qop 可能如以下示例所示:
示例 D-2 /etc/gss/qop 文件
# # Copyright (c) 2000,2012 by Oracle and/or its affiliates. All rights reserved. . # All rights reserved. # #ident "@(#)qop 1.3 00/11/09 SMI" # # This file contains information about the GSS-API based quality of # protection (QOP), its string name and its value (32-bit integer). # # QOP string QOP Value Mechanism Name # GSS_KRB5_INTEG_C_QOP_DES_MD5 0 kerberos_v5 GSS_KRB5_CONF_C_QOP_DES 0 kerberos_v5