2.2.7 Disable Generic Security Services (GSS) daemons - Make sure that /network/rpc/gss is disabled

Information

The GSS API is a security abstraction layer that is designed to make it easier for developers to integrate with different authentication schemes. It is most commonly used in applications for sites that use Kerberos for network authentication, though it can also allow applications to interoperate with other authentication schemes.

Note - Since this service uses Oracle's standard RPC mechanism, it is important that the system's RPC portmapper (rpcbind) also be enabled when this service is turned on. This daemon will be taken offline if rpcbind is disabled. For more information see Item 2.3.14.

Solution

To disable the GSS API, run the following command-
svcadm disable svc:/network/rpc/gss

See Also

https://workbench.cisecurity.org/files/614