pam_gss_s4u(7) man page - WindyHana's Solanara


Standards, Environments, Macros, Character Sets, and miscellany
                                                                pam_gss_s4u(7)



NAME
       pam_gss_s4u - set credential PAM module for Services For Users (S4U)

SYNOPSIS
       /usr/lib/security/pam_gss_s4u.so.1

DESCRIPTION
       The  pam_gss_s4u  module  attempts  to  obtain credentials on behalf of
       PAM_USER by using the Generic Security Services API (GSS-API)  for  the
       Services  for  User  (S4U)  protocol. This would be beneficial for non-
       login processes that require services  secured  by  Kerberos,  such  as
       those executed from cron(8) or at(1).

   GSS-API Set Credential Module
       The GSS-API S4U module provides the set credential function for
       pam_sm_setcred(). The credentials can be set from initial
       authentication credentials that use the host's keys, by stacking the
       pam_krb5_keytab(7) module before pam_gss_s4u(7). These credentials
       can then be used to obtain credentials for itself on behalf of a user
       (S4U2Self). The resulting credentials can be used to obtain a service
       ticket for a target service on behalf of the user (S4U2Proxy).


       The  following options can be passed to the GSS-API set credential mod‐
       ule:

       debug     Provides syslog(3C) debugging information at LOG_DEBUG level.


       nowarn    Turns off warning messages.


   GSS-API Authentication Module
       The Kerberos key table authentication module provides  the  authentica‐
       tion   function   for   pam_sm_authenticate().   The  function  returns
       PAM_IGNORE.

ERRORS
       The following error codes are returned for pam_sm_setcred():

       PAM_CRED_UNAVAIL    The initial authentication credentials do not
                           exist.


       PAM_SUCCESS         Successfully  obtained S4U credentials for the user
                           associated with PAM_USER.


       PAM_SYSTEM_ERR      System error.


       PAM_USER_UNKNOWN    The user associated with PAM_USER is not  found  in
                           the database.


EXAMPLES
       Example  1  Set  Credential for Initial Authentication Through Kerberos
       Key Table File Optionally Through S4U Requests



       The following is an excerpt of a sample /etc/pam.d/cron file:




         auth definitive   pam_user_policy.so.1
         auth required     pam_unix_auth.so.1
         auth required     pam_unix_cred.so.1
         auth requisite    pam_krb5_keytab.so.1
         auth optional     pam_gss_s4u.so.1




       Given that set credentials uses the same  stack  as  authenticate,  the
       above  will  provision  Kerberos  credentials  through  the  successful
       authentication of the keys found in the system's  key  table  file  via
       pam_krb5_keytab(7).  Subsequently,  these  credentials  will be used to
       obtain S4U credentials for PAM_USER.
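
       The stacking order described above can be checked mechanically. The
       following is an added example, not part of the original man page and
       not Oracle's code: it parses a pam.d-style auth stack and reports
       pam_gss_s4u.so.1 entries that have no pam_krb5_keytab.so.1 before them
       or that carry options other than debug and nowarn. The function names
       and the second sample stack are constructed for illustration, and the
       parser assumes the column layout of the excerpt above.

```python
# Added example (not Oracle's code): lint a pam.d-style auth stack for pam_gss_s4u.
KEYTAB = "pam_krb5_keytab.so.1"
S4U = "pam_gss_s4u.so.1"
DOCUMENTED_OPTIONS = {"debug", "nowarn"}  # the only options the man page lists

def parse_stack(text, module_type="auth"):
    """Return [(lineno, control, module, options)]; assumes type/control/module/options columns."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 3 or fields[0] != module_type:
            continue
        module = fields[2].rsplit("/", 1)[-1]  # accept absolute module paths
        entries.append((lineno, fields[1], module, fields[3:]))
    return entries

def lint_s4u(text):
    """Return findings as strings; an empty list means nothing to report."""
    findings = []
    keytab_seen = False
    for lineno, _control, module, options in parse_stack(text):
        if module == KEYTAB:
            keytab_seen = True
        elif module == S4U:
            if not keytab_seen:
                findings.append(
                    f"line {lineno}: {S4U} without {KEYTAB} stacked before it; "
                    "no initial credentials, expect PAM_CRED_UNAVAIL")
            for opt in options:
                if opt not in DOCUMENTED_OPTIONS:
                    findings.append(f"line {lineno}: undocumented option {opt!r}")
    return findings

# The stack from the man page excerpt.
MAN_PAGE_STACK = """\
auth definitive   pam_user_policy.so.1
auth required     pam_unix_auth.so.1
auth required     pam_unix_cred.so.1
auth requisite    pam_krb5_keytab.so.1
auth optional     pam_gss_s4u.so.1
"""
# Constructed counter-example: modules swapped, plus a made-up option.
SWAPPED_STACK = """\
auth optional     /usr/lib/security/pam_gss_s4u.so.1 debug verbose
auth requisite    pam_krb5_keytab.so.1   # too late for the line above
"""

if __name__ == "__main__":
    print(lint_s4u(MAN_PAGE_STACK), lint_s4u(SWAPPED_STACK))
```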

ATTRIBUTES
       See attributes(7) for a description of the following attribute:


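       +-----------------------------+-----------------------------+
       |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
       +-----------------------------+-----------------------------+
       | Interface Stability         | Committed                   |
       +-----------------------------+-----------------------------+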


SEE ALSO
       kinit(1),    syslog(3C),    libpam(3LIB),    pam(3PAM),   pam_sm(3PAM),
       pam_sm_authenticate(3PAM),      pam_sm_setcred(3PAM),      pam.conf(5),
       attributes(7), pam_krb5(7), pam_krb5_keytab(7)



Oracle Solaris 11.4               6 Feb 2020                    pam_gss_s4u(7)
The copyright of the man page content belongs to the man page author.