gssproxy-mech(8)

1GSSPROXY-MECH(8)        GssProxy GSSAPI mechanism manu        GSSPROXY-MECH(8)
2
3
4

NAME

6       gssproxy-mech - GssProxy GSSAPI mechanism plugin
7

SYNOPSIS

9       proxymech_v1 2.16.840.1.113730.3.8.15.1
10                                                                                 /usr/lib64/gssproxy/proxymech.so
11                                                                                 [options]
12

DESCRIPTION

14       The gssproxy proxymech module is a interposer plugin that is loaded by
15       GSSAPI. It is enabled by /etc/gss/mech configuration file.
16
17       The interposer plugin allows to intercept the entire GSSAPI
18       communication and detour to the gssproxy daemon. When the interposer
19       plugin is installed two other conditions need to be met in order to
20       activate it:
21
22       a) interposer configuration file
23           The plugin needs to be manually enabled in the /etc/gss/mech file.
24
25       b) gssproxy environment variable
26           The interposer plugin will not forward to the gssproxy daemon
27           unless the environment variable named GSS_USE_PROXY=yes is set.
28
29       Furthermore, the interposer plugin can be configured to behave in
30       different ways when called from the GSSAPI. This behavior is controlled
31       via the GSSPROXY_BEHAVIOR environment variable. It accepts four
32       different values:
33
34       LOCAL_ONLY
35           All commands received with this setting will cause to immediately
36           reenter the GSSAPI w/o any interaction with the gssproxy daemon.
37           When the request cannot be processed it will just fail.
38
39       LOCAL_FIRST
40           All commands received with this setting will cause to immediately
41           reenter the GSSAPI. When the local GSSAPI cannot process the
42           request, it will resend the request to the gssproxy daemon.
43
44       REMOTE_FIRST
45           All commands received with this setting will be forwarded to the
46           gssproxy daemon first. If the request cannot be handled there, the
47           request will reenter the local GSSAPI.
48
49       REMOTE_ONLY
50           This setting is currently not fully implemented and therefor not
51           supported.
52
53       The default setting for GSSPROXY_BEHAVIOR is REMOTE_FIRST.
54
55       Finally the interposer may need to use a special per-service socket in
56       order to communicate with gssproxy. The path to this socket is set via
57       the GSSPROXY_SOCKET environment variable.
58

AUTHORS

63       GSS-Proxy - http://fedorahosted.org/gss-proxy
64
65
66
67GSS Proxy                         07/25/2019                  GSSPROXY-MECH(8)

NAME

SYNOPSIS

DESCRIPTION

SEE ALSO

AUTHORS