-rw-r--r-- | proxy/man/gssproxy.conf.5.xml | 10 | ||||
-rw-r--r-- | proxy/src/gp_config.c | 7 | ||||
-rw-r--r-- | proxy/src/gp_proxy.h | 1 |
3 files changed, 18 insertions, 0 deletions
diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml
index 9238aa6..4c64fba 100644
--- a/proxy/man/gssproxy.conf.5.xml
+++ b/proxy/man/gssproxy.conf.5.xml
@@ -139,6 +139,16 @@
 </varlistentry>
 
 <varlistentry>
+ <term>impersonate (boolean)</term>
+ <listitem>
+ <para>Boolean flag that controls impersonation behavior.</para>
+ <para>If activated, gssproxy will try to acquire tickets on behalf of users.
+ This is useful, if there are no client keytabs available on the system.</para>
+ <para>Default: impersonate = false</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
 <term>kernel_nfsd (boolean)</term>
 <listitem>
 <para>Boolean flag that allows the Linux kernel to check if gssproxy is running (via <filename>/proc/net/rpc/use-gss-proxy</filename>).</para>
diff --git a/proxy/src/gp_config.c b/proxy/src/gp_config.c
index 1b676d3..ac5197c 100644
--- a/proxy/src/gp_config.c
+++ b/proxy/src/gp_config.c
@@ -194,6 +194,13 @@ static int load_services(struct gp_config *cfg, struct gp_ini_context *ctx)
 }
 }
 
+ ret = gp_config_get_string(ctx, secname, "impersonate", &value);
+ if (ret == 0) {
+ if (gp_boolean_is_true(value)) {
+ cfg->svcs[n]->impersonate = true;
+ }
+ }
+
 ret = gp_config_get_string(ctx, secname, "socket", &value);
 if (ret == 0) {
 cfg->svcs[n]->socket = strdup(value);
diff --git a/proxy/src/gp_proxy.h b/proxy/src/gp_proxy.h
index dc7aada..47fbdba 100644
--- a/proxy/src/gp_proxy.h
+++ b/proxy/src/gp_proxy.h
@@ -51,6 +51,7 @@ struct gp_service {
 uid_t euid;
 bool trusted;
 bool kernel_nfsd;
+ bool impersonate;
 char *socket;
 
 uint32_t mechs; |
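Review bot: The `impersonate` lookup added to load_services in gp_config.c switches on a privilege-expanding mode (the man page text in this commit says gssproxy will try to acquire tickets on behalf of users), yet it carries no comment and gives no signal about the effective setting. I would add above the lookup `/* impersonate: service may acquire tickets on behalf of users when no client keytab is available; off unless explicitly enabled */` and log the resulting value per service at startup. A value that gp_boolean_is_true does not accept, or a failed lookup, leaves the flag untouched, so the documented default of false relies on `cfg->svcs[n]` being zero-initialised where it is allocated, which is outside this hunk and worth confirming. The new `bool impersonate;` field in struct gp_service (gp_proxy.h hunk) would benefit from the same one-line comment. load_services begins and ends outside the hunk.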