Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1m‎ > ‎

gsscred


NAME
     gsscred - add, remove, and list gsscred table entries

SYNOPSIS
     gsscred [-n user [-o oid] [-u uid]] [-c comment] -m mech -a


     gsscred [-n user [-o oid]] [-u uid] [-m mech] -r


     gsscred [-n user [-o oid]] [-u uid] [-m mech] -l


DESCRIPTION
     The gsscred utility is used to create and maintain a mapping
     between  a security principal name and a local UNIX uid. The
     format of the user name is assumed to be GSS_C_NT_USER_NAME.
     You  can  use the -o option to specify the object identifier
     of the name type. The OID must be specified in dot-separated
     notation, for example: 1.2.3.45464.3.1


     The gsscred table is used on server machines to  lookup  the
     uid of incoming clients connected using RPCSEC_GSS.


     When adding users, if no user name is specified, an entry is
     created in the table for each user from the passwd table. If
     no comment is specified, the gsscred utility inserts a  com-
     ment that specifies the user name as an ASCII string and the
     GSS-APIsecurity mechanism that applies to it.  The  security
     mechanism will be in string representation as defined in the
     /etc/gss/mech file.


     The parameters are interpreted the same way by  the  gsscred
     utility  to  delete  users  as  they are to create users. At
     least one of the following options must  be  specified:  -n,
     -u,  or  -m. If no security mechanism is specified, then all
     entries will be deleted for the user  identified  by  either
     the  uid  or  user  name.  If only the security mechanism is
     specified, then all user entries for that security mechanism
     will be deleted.


     Again, the parameters are interpreted the same  way  by  the
     gsscred  utility  to  search for users as they are to create
     users. If no options are specified, then the entire table is
     returned.  If  the  user  name or uid is specified, then all
     entries for that user are returned. If a security  mechanism
     is  specified,  then  all  user  entries  for  that security
     mechanism are returned.

OPTIONS
     -a            Add a table entry.


     -c comment    Insert comment about this table entry.


     -l            Search table for entry.


     -m mech       Specify the mechanism for which this  name  is
                   to be translated.


     -n user       Specify the optional principal name.


     -o oid        Specify the OID indicating the  name  type  of
                   the user.


     -r            Remove the entry from the table.


     -u uid        Specify the uid for the user if  the  user  is
                   not local.


EXAMPLES
     Example 1 Creating a gsscred Table for the Kerberos v5 Secu-
     rity Mechanism


     The following shows how to create a gsscred  table  for  the
     kerberos  v5  security mechanism. gsscred obtains user names
     and uid's from the passwd table to populate the table.


       example% gsscred -m kerberos_v5 -a



     Example 2 Adding an Entry for root/host1 for the Kerberos v5
     Security Mechanism


     The following shows how to add an entry for root/host1  with
     a specified uid of 0 for the kerberos v5 security mechanism.


       example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a

     Example 3 Listing All User  Mappings  for  the  Kerberos  v5
     Security Mechanism


     The following lists all user mappings for  the  kerberos  v5
     security mechanism.


       example% gsscred -m kerberos_v5 -l



     Example 4 Listing All Mappings for  All  Security  Mechanism
     for a Specified User


     The following lists all mappings for all security mechanisms
     for the user bsimpson.


       example% gsscred -n bsimpson -l



EXIT STATUS
     The following exit values are returned:

     0     Successful completion.


     >0    An error occurred.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWgss                     |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|


SEE ALSO
     gssd(1m), gsscred.conf(4), attributes(5)


NOTES
     Some GSS mechanisms, such as kerberos_v5, provide their  own
     authenticated-name-to-local-name  (uid)  mapping and thus do
     not  usually  have  to  be   mapped   using   gsscred.   See
     gsscred.conf(4) for more information.










Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments