Query on the gsscred utility on Solaris..
alokgore at rediffmail.com
Tue Jun 22 07:25:54 EDT 2004
I had some very naive doubts abt the gsscred utility on Solaris.
As per the man page of gsscred
>> The gsscred utility is used to create and maintain a mapping
>> between a security principal name and a local UNIX uid. The
>> The gsscred table is used on server machines to lookup the
>> uid of incoming clients connected using RPCSEC_GSS.
But is it not mandatory to have the user entry in gsscred database to
get the mapping ?? Because this is working for me. This is what I did
I created gsscred database from the /etc/passwd file.
Then I added one user on the NFS client and the server(with same uid
on both teh machines). The mapping from Kerberos principal to uid is
going thru even though the entry for this new user is not present in
the gsscred database !!
Then I tried deleting the gsscred database (The /etc/gss/gsscred_db
file). The mapping goes thru even now. If that is the case, why do we
need the gsscred utility ?? Is it because the source of uids *may be*
something other that the passwd file (Like nis,nis+); which should not
be accessed because of security reasons to get the mapping ??
Am I missing something ??
Thanks in advance,
More information about the Kerberos