1GSSPROXY-MECH(8)        GssProxy GSSAPI mechanism manu        GSSPROXY-MECH(8)
2
3
4

NAME

6       gssproxy-mech - GssProxy GSSAPI mechanism plugin
7

SYNOPSIS

9       proxymech_v1 2.16.840.1.113730.3.8.15.1
10                                                                                 /usr/lib64/gssproxy/proxymech.so
11                                                                                 [options]
12

DESCRIPTION

14       The gssproxy proxymech module is a interposer plugin that is loaded by
15       GSSAPI. It is enabled by /etc/gss/mech configuration file.
16
17       The interposer plugin allows to intercept the entire GSSAPI
18       communication and detour to the gssproxy daemon. When the interposer
19       plugin is installed two other conditions need to be met in order to
20       activate it:
21
22       a) interposer configuration file
23           The plugin needs to be manually enabled in the /etc/gss/mech file.
24
25       b) gssproxy environment variable
26           With default build options the interposer plugin will not forward
27           to the gssproxy daemon unless the environment variable named
28           GSS_USE_PROXY=yes is set.
29
30           This behavior default may be controlled at build time and can be
31           set to always forward unless the environment variable is set to
32           GSS_USE_PROXY=no
33
34           The current setting for always forwarding is: false
35
36       Furthermore, the interposer plugin can be configured to behave in
37       different ways when called from the GSSAPI. This behavior is controlled
38       via the GSSPROXY_BEHAVIOR environment variable. It accepts four
39       different values:
40
41       LOCAL_ONLY
42           All commands received with this setting will cause to immediately
43           reenter the GSSAPI w/o any interaction with the gssproxy daemon.
44           When the request cannot be processed it will just fail.
45
46       LOCAL_FIRST
47           All commands received with this setting will cause to immediately
48           reenter the GSSAPI. When the local GSSAPI cannot process the
49           request, it will resend the request to the gssproxy daemon.
50
51       REMOTE_FIRST
52           All commands received with this setting will be forwarded to the
53           gssproxy daemon first. If the request cannot be handled there, the
54           request will reenter the local GSSAPI.
55
56       REMOTE_ONLY
57           This setting is currently not fully implemented and therefor not
58           supported.
59
60       The default setting for GSSPROXY_BEHAVIOR is REMOTE_FIRST.
61
62       Finally the interposer may need to use a special per-service socket in
63       order to communicate with gssproxy. The path to this socket is set via
64       the GSSPROXY_SOCKET environment variable.
65

SEE ALSO

67       gssproxy.conf(5) and gssproxy(8).
68

AUTHORS

70       GSS-Proxy - http://fedorahosted.org/gss-proxy
71
72
73
74GSS Proxy                         07/21/2022                  GSSPROXY-MECH(8)
Impressum