Query on the gsscred utility on Solaris..

Arun Perinkolam arunp at sun.com
Tue Jun 29 20:58:12 EDT 2004


> But is it not mandatory to have the user entry in gsscred database to
> get the mapping ?? Because this is working for me. This is what I did
> ...
>
> I created gsscred database from the /etc/passwd file.
> Then I added one user on the NFS client and the server (with same uid
> on both the machines). The mapping from Kerberos principal to uid is
> going thru even though the entry for this new user is not present in
> the gsscred database !!
> Then I tried deleting the gsscred database (The /etc/gss/gsscred_db
> file). The mapping goes thru even now. If that is the case, why do we
> need the gsscred utility ?? Is it because the source of uids *may be*
> something other than the passwd file (Like nis,nis+); which should not

Yes, the users could be part of a NIS/NIS+/LDAP namespace.

Solaris 10 GSS (Kerberos) does not rely on the creation
of the gsscred table anymore. The Solaris 10 krb5 mechanism
does the user@REALM -> user -> uid mapping w/ the help
of the passwd table. If this fails, it backs off to
using the gsscred table (if present).

If you are on the Solaris Express program you should be seeing
this behavior.


Arun.

> be accessed because of security reasons to get the mapping  ??
>
> Am I missing something ??
>
> Thanks in advance,
>  -Alok Gore.