'\" te
.\" Copyright (c) 1998, Sun Microsystems, Inc. All Rights Reserved
.TH gsscred 1M "11 Feb 2004" "SunOS 5.11" "System Administration Commands"
.SH NAME
gsscred \- add, remove, and list gsscred table entries
.SH SYNOPSIS
.LP
.nf
\fBgsscred\fR [\fB-n\fR \fIuser\fR [\fB-o\fR \fIoid\fR] [\fB-u\fR \fIuid\fR]] [\fB-c\fR \fIcomment\fR] \fB-m\fR \fImech\fR \fB-a\fR
.fi

.LP
.nf
\fBgsscred\fR [\fB-n\fR \fIuser\fR [\fB-o\fR \fIoid\fR]] [\fB-u\fR \fIuid\fR] [\fB-m\fR \fImech\fR] \fB-r\fR
.fi

.LP
.nf
\fBgsscred\fR [\fB-n\fR \fIuser\fR [\fB-o\fR \fIoid\fR]] [\fB-u\fR \fIuid\fR] [\fB-m\fR \fImech\fR] \fB-l\fR
.fi

.SH DESCRIPTION
.sp
.LP
The \fBgsscred\fR utility is used to create and maintain a mapping between a security principal name and a local UNIX \fIuid\fR. The format of the user name is assumed to be \fBGSS_C_NT_USER_NAME\fR. You can use the \fB-o\fR option to specify the object identifier of the \fIname\fR type. The \fBOID\fR must be specified in dot-separated notation, for example: \fB1.2.3.45464.3.1\fR
.sp
.LP
The \fBgsscred\fR table is used on server machines to lookup the \fIuid\fR of incoming clients connected using \fBRPCSEC_GSS\fR.
.sp
.LP
When adding users, if no \fIuser\fR name is specified, an entry is created in the table for each user from the \fBpasswd\fR table. If no \fIcomment\fR is specified, the \fBgsscred\fR utility inserts a comment that specifies the user name as an \fBASCII\fR string and the \fBGSS-API\fRsecurity mechanism that applies to it. The security mechanism will be in string representation as defined in the \fB/etc/gss/mech\fR file.
.sp
.LP
The parameters are interpreted the same way by the \fBgsscred\fR utility to delete users as they are to create users. At least one of the following options must be specified: \fB-n\fR, \fB-u\fR, or \fB-m\fR. If no security mechanism is specified, then all entries will be deleted for the user identified by either the \fIuid\fR or \fIuser\fR name. If only the security mechanism is specified, then all \fIuser\fR entries for that security mechanism will be deleted.
.sp
.LP
Again, the parameters are interpreted the same way by the \fBgsscred\fR utility to search for users as they are to create users. If no options are specified, then the entire table is returned. If the \fIuser\fR name or \fIuid\fR is specified, then all entries for that \fIuser\fR are returned. If a security mechanism is specified, then all \fIuser\fR entries for that security mechanism are returned.
.SH OPTIONS
.sp
.ne 2
.mk
.na
\fB\fB-a\fR\fR
.ad
.RS 14n
.rt  
Add a table entry.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-c\fR \fIcomment\fR\fR
.ad
.RS 14n
.rt  
Insert comment about this table entry.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-l\fR\fR
.ad
.RS 14n
.rt  
Search table for entry.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-m\fR \fImech\fR\fR
.ad
.RS 14n
.rt  
Specify the mechanism for which this name is to be translated.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-n\fR \fIuser\fR\fR
.ad
.RS 14n
.rt  
Specify the optional principal name.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-o\fR \fIoid\fR\fR
.ad
.RS 14n
.rt  
Specify the OID indicating the name type of the user.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-r\fR\fR
.ad
.RS 14n
.rt  
Remove the entry from the table.
.RE

.sp
.ne 2
.mk
.na
\fB\fB-u\fR \fIuid\fR\fR
.ad
.RS 14n
.rt  
Specify the \fIuid\fR for the \fIuser\fR if the \fIuser\fR is not local.
.RE

.SH EXAMPLES
.LP
\fBExample 1 \fRCreating a \fBgsscred\fR Table for the Kerberos v5 Security Mechanism
.sp
.LP
The following shows how to create a \fBgsscred\fR table for the kerberos v5 security mechanism. \fBgsscred\fR obtains \fIuser\fR names and \fIuid\fR's from the \fBpasswd\fR table to populate the table.

.sp
.in +2
.nf
example% \fBgsscred -m kerberos_v5 -a\fR
.fi
.in -2
.sp

.LP
\fBExample 2 \fRAdding an Entry for \fBroot/host1\fR for the Kerberos v5 Security Mechanism
.sp
.LP
The following shows how to add an entry for \fBroot/host1\fR with a specified \fIuid\fR of \fB0\fR for the kerberos v5 security mechanism.

.sp
.in +2
.nf
example% \fBgsscred -m kerberos_v5 -n root/host1 -u 0 -a\fR
.fi
.in -2
.sp

.LP
\fBExample 3 \fRListing All User Mappings for the Kerberos v5 Security Mechanism
.sp
.LP
The following lists all user mappings for the kerberos v5 security mechanism.

.sp
.in +2
.nf
example% \fBgsscred -m kerberos_v5 -l\fR
.fi
.in -2
.sp

.LP
\fBExample 4 \fRListing All Mappings for All Security Mechanism for a Specified User
.sp
.LP
The following lists all mappings for all security mechanisms for the user \fBbsimpson\fR. 

.sp
.in +2
.nf
example% \fBgsscred -n bsimpson -l\fR
.fi
.in -2
.sp

.SH EXIT STATUS
.sp
.LP
The following exit values are returned:
.sp
.ne 2
.mk
.na
\fB\fB0\fR\fR
.ad
.RS 6n
.rt  
Successful completion. 
.RE

.sp
.ne 2
.mk
.na
\fB>\fB0\fR\fR
.ad
.RS 6n
.rt  
An error occurred.
.RE

.SH ATTRIBUTES
.sp
.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp

.sp
.TS
tab() box;
cw(2.75i) |cw(2.75i) 
lw(2.75i) |lw(2.75i) 
.
ATTRIBUTE TYPEATTRIBUTE VALUE
_
Availabilitysystem/library/security/gss
_
Interface StabilityCommitted
.TE

.SH SEE ALSO
.sp
.LP
\fBgssd\fR(1M), \fBgsscred.conf\fR(4), \fBattributes\fR(5)
.SH NOTES
.sp
.LP
Some GSS mechanisms, such as \fBkerberos_v5\fR, provide their own authenticated-name-to-local-name (uid) mapping and thus do not usually have to be mapped using \fBgsscred\fR. See \fBgsscred.conf\fR(4) for more information.