gsscred man page on Solaris

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
Solaris logo
[printable version]

gsscred(1M)		System Administration Commands		   gsscred(1M)

NAME
       gsscred - add, remove, and list gsscred table entries

SYNOPSIS
       gsscred [-n user [-o oid] [-u uid]] [-c comment] -m mech -a

       gsscred [-n user [-o oid]] [-u uid] [-m mech] -r

       gsscred [-n user [-o oid]] [-u uid] [-m mech] -l


DESCRIPTION
       The  gsscred utility is used to create and maintain a mapping between a
       security principal name and a local UNIX uid. The format	 of  the  user
       name  is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to
       specify the object identifier of the name type. The OID must be	speci‐
       fied in dot-separated notation, for example: 1.2.3.45464.3.1

       The  gsscred  table  is	used  on  server machines to lookup the uid of
       incoming clients connected using RPCSEC_GSS.

       When adding users, if no user name is specified, an entry is created in
       the  table for each user from the passwd table. If no comment is speci‐
       fied, the gsscred utility inserts a comment  that  specifies  the  user
       name  as an ASCII string and the GSS-APIsecurity mechanism that applies
       to it. The security mechanism  will  be	in  string  representation  as
       defined in the /etc/gss/mech file.

       The  parameters	are interpreted the same way by the gsscred utility to
       delete users as they are to create users. At least one of the following
       options	must  be specified: -n, -u, or -m. If no security mechanism is
       specified, then all entries will be deleted for the user identified  by
       either  the  uid or user name. If only the security mechanism is speci‐
       fied, then all  user  entries  for  that	 security  mechanism  will  be
       deleted.

       Again, the parameters are interpreted the same way by the gsscred util‐
       ity to search for users as they are to create users. If no options  are
       specified,  then	 the entire table is returned. If the user name or uid
       is specified, then all entries for that user are returned. If  a	 secu‐
       rity  mechanism	is  specified, then all user entries for that security
       mechanism are returned.

OPTIONS
       -a	     Add a table entry.

       -c comment    Insert comment about this table entry.

       -l	     Search table for entry.

       -m mech	     Specify the mechanism for which this name is to be trans‐
		     lated.

       -n user	     Specify the optional principal name.

       -o oid	     Specify the OID indicating the name type of the user.

       -r	     Remove the entry from the table.

       -u uid	     Specify the uid for the user if the user is not local.

EXAMPLES
       Example	1 Creating a gsscred Table for the Kerberos v5 Security Mecha‐
       nism

       The following shows how to create a gsscred table for the  kerberos  v5
       security	 mechanism.  gsscred  obtains  user  names  and uid's from the
       passwd table to populate the table.

	 example% gsscred -m kerberos_v5 -a

       Example 2 Adding an Entry for root/host1 for the Kerberos  v5  Security
       Mechanism

       The following shows how to add an entry for root/host1 with a specified
       uid of 0 for the kerberos v5 security mechanism.

	 example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a

       Example 3 Listing All User Mappings for the Kerberos v5 Security Mecha‐
       nism

       The  following  lists  all  user	 mappings for the kerberos v5 security
       mechanism.

	 example% gsscred -m kerberos_v5 -l

       Example 4 Listing All Mappings for All Security Mechanism for a	Speci‐
       fied User

       The  following  lists  all mappings for all security mechanisms for the
       user bsimpson.

	 example% gsscred -n bsimpson -l


EXIT STATUS
       The following exit values are returned:

       0     Successful completion.

       >0    An error occurred.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │SUNWgss			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Evolving			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       gssd(1m), gsscred.conf(4), attributes(5)

NOTES
       Some GSS mechanisms, such as kerberos_v5, provide their	own  authenti‐
       cated-name-to-local-name	 (uid) mapping and thus do not usually have to
       be mapped using gsscred. See gsscred.conf(4) for more information.

SunOS 5.10			  11 Feb 2004			   gsscred(1M)
[top]

List of man pages available for Solaris

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net