Go to main content

man pages section 5: File Formats

Exit Print View

Updated: Wednesday, February 10, 2021

gss_auth_rules (5)


gss_auth_rules - overview of GSS authorization


Please see following description for synopsis


Standards, Environments, and Macros                          gss_auth_rules(5)

       gss_auth_rules - overview of GSS authorization

       The establishment of the veracity of a user's credentials requires both
       authentication (Is this an authentic user?) and authorization (Is  this
       authentic user, in fact, authorized?).

       When  a  user  makes use of Generic Security Services (GSS) versions of
       the ftp or ssh clients to connect to a server, the user is  not  neces-
       sarily  authorized,  even if his claimed GSS identity is authenticated,
       Authentication merely establishes that the user is who he says he is to
       the  GSS  mechanism's  authentication  system.  Authorization  is  then
       required: it determines whether the GSS identity is permitted to access
       the specified Solaris user account.

       The GSS authorization rules are as follows:

           o      If  the  mechanism of the connection has a set of authoriza-
                  tion rules, then use those rules. For example, if the mecha-
                  nism  is  Kerberos, then use the krb5_auth_rules(5), so that
                  authorization is consistent between  raw  Kerberos  applica-
                  tions and GSS/Kerberos applications.

           o      If  the  mechanism  of the connection does not have a set of
                  authorization rules, then authorization is successful if the
                  remote  user's  gssname  matches  the  local  user's gssname
                  exactly, as compared by gss_compare_name(3GSS).

       /etc/passwd    System account file. This information may also be  in  a
                      directory service. See passwd(5).

       See attributes(7) for descriptions of the following attributes:

       |Availability   | security/kerberos-5    |
       |Stability      | Pass-through committed |
       ftp(1),   ssh(1),   gsscred(1M),   gss_compare_name(3GSS),   passwd(5),
       attributes(7), krb5_auth_rules(5)

       This    software    was    built    from    source     available     at
       https://github.com/oracle/solaris-userland.    The  original  community
       source     was      downloaded      from       https://web.mit.edu/ker-

       Further information about this software can be found on the open source
       community website at https://web.mit.edu/kerberos/.

Solaris 11.4                      13 Apr 2004                gss_auth_rules(5)