GSSCRED(8) Maintenance Commands and Procedures GSSCRED(8)
NAME
gsscred - add, remove, and list gsscred table entries
SYNOPSIS
gsscred [-n user [-o oid] [-u uid]] [-c comment] -m mech -a
gsscred [-n user [-o oid]] [-u uid] [-m mech] -r
gsscred [-n user [-o oid]] [-u uid] [-m mech] -l
DESCRIPTION
The gsscred utility is used to create and maintain a mapping between a
security principal name and a local UNIX uid. The format of the user name
is assumed to be GSS_C_NT_USER_NAME. You can use the -o option to specify
the object identifier of the name type. The OID must be specified in
dot-separated notation, for example: 1.2.3.45464.3.1

The gsscred table is used on server machines to look up the uid of
incoming clients connected using RPCSEC_GSS.

When adding users, if no user name is specified, an entry is created in
the table for each user from the passwd table. If no comment is specified,
the gsscred utility inserts a comment that specifies the user name as an
ASCII string and the GSS-API security mechanism that applies to it. The
security mechanism will be in string representation as defined in the
/etc/gss/mech file.

The parameters are interpreted the same way by the gsscred utility to
delete users as they are to create users. At least one of the following
options must be specified: -n, -u, or -m. If no security mechanism is
specified, then all entries will be deleted for the user identified by
either the uid or user name. If only the security mechanism is specified,
then all user entries for that security mechanism will be deleted.

Again, the parameters are interpreted the same way by the gsscred utility
to search for users as they are to create users. If no options are
specified, then the entire table is returned. If the user name or uid is
specified, then all entries for that user are returned. If a security
mechanism is specified, then all user entries for that security mechanism
are returned.
OPTIONS
-a            Add a table entry.
-c comment    Insert comment about this table entry.
-l            Search table for entry.
-m mech       Specify the mechanism for which this name is to be translated.
-n user       Specify the optional principal name.
-o oid        Specify the OID indicating the name type of the user.
-r            Remove the entry from the table.
-u uid        Specify the uid for the user if the user is not local.
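
The option rules given in SYNOPSIS and DESCRIPTION can be checked before
gsscred is run. The sh function below is an added example, not part of the
original manual page or of the gsscred utility. The names gsscred_check,
MECH_FILE, ALLOW_UID0 and ALLOW_BULK, the allowed character set for user
names, the sample uid and the mech file layout (mechanism name in the first
field) are assumptions of this example.

```sh
#!/bin/sh
# Added example: pre-flight checks for gsscred -a / -r arguments.
# Assumption: the first field of each mech file line is the mechanism name.
MECH_FILE=${MECH_FILE:-/etc/gss/mech}

is_uid() { case $1 in ''|*[!0-9]*) return 1 ;; esac; }
is_oid() { case $1 in *[!0-9.]*|.*|*.|*..*) return 1 ;; *.*) return 0 ;; esac; return 1; }
mech_known() { awk -v m="$1" '$1 == m { ok = 1 } END { exit !ok }' "$MECH_FILE"; }
fail() { echo "gsscred_check: $*" >&2; return 1; }

# gsscred_check ACTION MECH USER OID UID   ('' means option not given)
# ACTION is a (add) or r (remove). Prints the command line to run, or says
# on stderr why the request is refused and returns 1.
gsscred_check() {
    action=$1 mech=$2 user=$3 oid=$4 uid=$5
    # Conservative character set for principal names (choice of this example).
    case $user in *[!A-Za-z0-9._/@-]*) fail "odd character in user"; return 1 ;; esac
    [ -z "$oid" ] || [ -n "$user" ] || fail "-o only qualifies -n user" || return 1
    [ -z "$oid" ] || is_oid "$oid" || fail "OID not dot-separated: $oid" || return 1
    [ -z "$uid" ] || is_uid "$uid" || fail "uid not numeric: $uid" || return 1
    [ -z "$mech" ] || mech_known "$mech" || fail "unknown mechanism: $mech" || return 1
    case $action in
    a)  # [-n user [-o oid] [-u uid]] [-c comment] -m mech -a
        [ -n "$mech" ] || fail "-a requires -m mech" || return 1
        [ -z "$uid" ] || [ -n "$user" ] || fail "-u with -a needs -n" || return 1
        # A uid 0 mapping makes the server treat the principal as root.
        [ -z "$uid" ] || [ "$uid" -ne 0 ] || [ "${ALLOW_UID0:-0}" = 1 ] ||
            fail "uid 0 mapping needs ALLOW_UID0=1" || return 1 ;;
    r)  # needs one of -n, -u, -m; -m alone removes every entry for that mech
        [ -n "$user$uid$mech" ] || fail "-r needs -n, -u or -m" || return 1
        [ -n "$user$uid" ] || [ "${ALLOW_BULK:-0}" = 1 ] ||
            fail "-m alone removes all $mech entries; set ALLOW_BULK=1" || return 1 ;;
    *)  fail "unknown action: $action"; return 1 ;;
    esac
    echo "gsscred${user:+ -n $user}${oid:+ -o $oid}${uid:+ -u $uid}${mech:+ -m $mech} -$action"
}

# Demo on a constructed mech file (sample data, not from a real host).
demo() {
    MECH_FILE=$(mktemp) || return 1
    echo 'kerberos_v5 1.2.840.113554.1.2.2 mech_krb5.so kmech_krb5' > "$MECH_FILE"
    gsscred_check a kerberos_v5 bsimpson '' 1001
    gsscred_check r kerberos_v5 '' '' '' || echo "refused (exit $?)"
    rm -f "$MECH_FILE"
}
[ "${1:-}" != demo ] || demo
```

Running the file with the argument demo prints one accepted command line and
one refusal; the function only prints the gsscred command and never runs it.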
EXAMPLES
Example 1: Creating a gsscred Table for the Kerberos v5 Security Mechanism
The following shows how to create a gsscred table for the Kerberos v5
security mechanism. gsscred obtains user names and uids from the passwd
table to populate the table.
    example% gsscred -m kerberos_v5 -a
Example 2: Adding an Entry for root/host1 for the Kerberos v5 Security
Mechanism
The following shows how to add an entry for root/host1 with a specified
uid of 0 for the Kerberos v5 security mechanism.
    example% gsscred -m kerberos_v5 -n root/host1 -u 0 -a
Example 3: Listing All User Mappings for the Kerberos v5 Security
Mechanism
The following lists all user mappings for the Kerberos v5 security
mechanism.
    example% gsscred -m kerberos_v5 -l
Example 4: Listing All Mappings for All Security Mechanisms for a Specified
User
The following lists all mappings for all security mechanisms for the user
bsimpson.
    example% gsscred -n bsimpson -l
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
+--------------------+-----------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-----------------+
|Interface Stability | Evolving |
+--------------------+-----------------+
SEE ALSO
gsscred.conf(5), attributes(7), gssd(8)
NOTES
Some GSS mechanisms, such as kerberos_v5, provide their own
authenticated-name-to-local-name (uid) mapping and thus do not usually
have to be mapped using gsscred. See gsscred.conf(5) for more information.
February 11, 2004
GSSCRED(8)