개요

• 솔라나라에 설명된 어플리케이션에 대해 맨 페이지를 찾아 출력한다.
• MAN 페이지에 대한 설명은 윈디하나의 솔라나라: MAN 페이지을 참고하자.
• svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.

gss_auth_rules(7)

Standards, Environments, and Macros                          gss_auth_rules(7)



NAME
       gss_auth_rules - overview of GSS authorization

DESCRIPTION
       The establishment of the veracity of a user's credentials requires both
       authentication (Is this an authentic user?) and authorization (Is  this
       authentic user, in fact, authorized?).


       When  a  user  makes use of Generic Security Services (GSS) versions of
       the ftp or ssh clients to connect to a server, the user is  not  neces‐
       sarily  authorized,  even if his claimed GSS identity is authenticated,
       Authentication merely establishes that the user is who he says he is to
       the  GSS  mechanism's  authentication  system.  Authorization  is  then
       required: it determines whether the GSS identity is permitted to access
       the specified Solaris user account.


       The GSS authorization rules are as follows:

           o      If  the  mechanism of the connection has a set of authoriza‐
                  tion rules, then use those rules. For example, if the mecha‐
                  nism  is  Kerberos, then use the krb5_auth_rules(7), so that
                  authorization is consistent between  raw  Kerberos  applica‐
                  tions and GSS/Kerberos applications.

           o      If  the  mechanism  of the connection does not have a set of
                  authorization rules, then authorization is successful if the
                  remote  user's  gssname  matches  the  local  user's gssname
                  exactly, as compared by gss_compare_name(3GSS).

FILES
       /etc/passwd    System account file. This information may also be  in  a
                      directory service. See passwd(5).



ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       box; cbp-1 | cbp-1 l | l .  ATTRIBUTE TYPE ATTRIBUTE VALUE = Availabil‐
       ity   security/kerberos-5 = Stability Pass-through committed


SEE ALSO
       ftp(1),  ssh(1),  gss_compare_name(3GSS),   passwd(5),   attributes(7),
       krb5_auth_rules(7), gsscred(8)



NOTES
       Source  code  for open source software components in Oracle Solaris can
       be found at https://www.oracle.com/downloads/opensource/solaris-source-
       code-downloads.html.

       This     software     was    built    from    source    available    at
       https://github.com/oracle/solaris-userland.   The  original   community
       source      was      downloaded      from       http://web.mit.edu/ker‐
       beros/dist/krb5/1.18/krb5-1.18.4.tar.gz.

       Further information about this software can be found on the open source
       community website at http://web.mit.edu/kerberos/.



Solaris 11.4                      21 Jun 2021                gss_auth_rules(7)