svcadm(1M)을 검색하려면 섹션에서 1M 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.
gsscred(8)
System Administration Commands gsscred(8)
NAME
gsscred - add, remove, and list gsscred table entries
SYNOPSIS
/usr/sbin/gsscred [-n user [-o oid] [-u uid]] [-c comment] -m mech -a
/usr/sbin/gsscred [-n user [-o oid]] [-u uid] [-m mech] -r
/usr/sbin/gsscred [-n user [-o oid]] [-u uid] [-m mech] -l
DESCRIPTION
The gsscred utility is used to create and maintain a mapping between a
security principal name and a local UNIX uid. The format of the user
name is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to
specify the object identifier of the name type. The OID must be speci‐
fied in dot-separated notation, for example: 1.2.3.45464.3.1
The gsscred table is used on server machines to lookup the uid of
incoming clients connected using RPCSEC_GSS.
When adding users, if no user name is specified, an entry is created in
the table for each user from the passwd table. If no comment is speci‐
fied, the gsscred utility inserts a comment that specifies the user
name as an ASCII string and the GSS-API security mechanism that applies
to it. The security mechanism will be in string representation as
defined in the /etc/gss/mech file.
The parameters are interpreted the same way by the gsscred utility to
delete users as they are to create users. At least one of the following
options must be specified: -n, -u, or -m. If no security mechanism is
specified, then all entries will be deleted for the user identified by
either the uid or user name. If only the security mechanism is speci‐
fied, then all user entries for that security mechanism will be
deleted.
Again, the parameters are interpreted the same way by the gsscred util‐
ity to search for users as they are to create users. If no options are
specified, then the entire table is returned. If the user name or uid
is specified, then all entries for that user are returned. If a secu‐
rity mechanism is specified, then all user entries for that security
mechanism are returned.
OPTIONS
-a Add a table entry.
-c comment Insert comment about this table entry.
-l Search table for entry.
-m mech Specify the mechanism for which this name is to be trans‐
lated.
-n user Specify the optional principal name.
-o oid Specify the OID indicating the name type of the user.
-r Remove the entry from the table.
-u uid Specify the uid for the user if the user is not local.
EXAMPLES
Example 1 Creating a gsscred Table for the Kerberos v5 Security Mecha‐
nism
The following shows how to create a gsscred table for the kerberos v5
security mechanism. gsscred obtains user names and uid's from the
passwd table to populate the table.
example% gsscred -m kerberos_v5 -a
Example 2 Adding an Entry for root/host1 for the Kerberos v5 Security
Mechanism
The following shows how to add an entry for root/host1 with a specified
uid of 0 for the kerberos v5 security mechanism.
example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a
Example 3 Listing All User Mappings for the Kerberos v5 Security Mecha‐
nism
The following lists all user mappings for the kerberos v5 security
mechanism.
example% gsscred -m kerberos_v5 -l
Example 4 Listing All Mappings for All Security Mechanism for a Speci‐
fied User
The following lists all mappings for all security mechanisms for the
user bsimpson.
example% gsscred -n bsimpson -l
EXIT STATUS
The following exit values are returned:
0 Successful completion.
> 0 An error occurred.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i) ATTRIBUTE TYPEAT‐
TRIBUTE VALUE _ Availabilitysystem/library/security/gss _ Interface
StabilityCommitted
SEE ALSO
gsscred.conf(5), attributes(7), gssd(8)
NOTES
Some GSS mechanisms, such as kerberos_v5, provide their own authenti‐
cated-name-to-local-name (uid) mapping and thus do not usually have to
be mapped using gsscred. See gsscred.conf(5) for more information.
Oracle Solaris 11.4 21 Jun 2021 gsscred(8)