gss-proxy.git/proxy/man, branch impersonate Work on gss-proxy before it lands upstream Add impersonation support 2013-10-18T19:33:55+00:00 Simo Sorce simo@redhat.com 2013-08-21T01:28:04+00:00 a6568a4129a8d2d0461eaa0ddb2614824915acf9 By setting the impersonate flag to true, the acquisition of credentials will be done using constrained delegation (s4uself + s4u2proxy). To work this needs MIT Kereberos 1.11.4 or later. Previous versions have a bug in the import_cred function that prevents the library from properly importing previously exported delegated credentials. Resolves: https://fedorahosted.org/gss-proxy/ticket/95 
By setting the impersonate flag to true, the acquisition of credentials will
be done using constrained delegation (s4uself + s4u2proxy).

To work this needs MIT Kereberos 1.11.4 or later.
Previous versions have a bug in the import_cred function that prevents the
library from properly importing previously exported delegated credentials.

Resolves: https://fedorahosted.org/gss-proxy/ticket/95
docs: Fill in GSSPROXY_BEHAVIOR default setting from configure option. 2013-10-18T13:17:52+00:00 Günther Deschner gdeschner@redhat.com 2013-10-17T16:53:07+00:00 117ed0a24c47d91d7c0ba836b218f620195afd61 Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
docs: autogenerate proxymech manpage. 2013-10-18T13:17:47+00:00 Günther Deschner gdeschner@redhat.com 2013-10-17T15:17:24+00:00 a87ab15711b340e1f06cb4ae5534cc76add04e2c Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix documentation to match reality 2013-10-18T12:34:54+00:00 Simo Sorce simo@redhat.com 2013-10-15T19:48:04+00:00 19b50ccfbf759c9505e3f88c7a32b4e0f954cd2c LOCAL_FIRST is our default Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
LOCAL_FIRST is our default

Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add service match using SeLinux Context 2013-07-02T14:17:23+00:00 Simo Sorce simo@redhat.com 2013-06-22T00:36:20+00:00 acc3b87b655cf7c6c0c7d698f5a5867b6732a69f Using getpeercon we can know the elinux context of the process talking to gssproxy. Use this information as an optional additional filter to match processes to service definitions. If a selinux_context option with a full user;role;type context is specified into a service section, then the connecting process must also be running under the specified selinux context in order to be allowed to connect. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Using getpeercon we can know the elinux context of the process talking to
gssproxy. Use this information as an optional additional filter to match
processes to service definitions.
If a selinux_context option with a full user;role;type context is specified
into a service section, then the connecting process must also be running under
the specified selinux context in order to be allowed to connect.

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Fix documentation of "mechs" parameter in gssproxy.conf(5). 2013-05-16T10:11:43+00:00 Günther Deschner gdeschner@redhat.com 2013-05-16T08:46:42+00:00 43bdd26f90766957775b3bc49cd6f9f43af100a7 Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Fix typo in gssproxy.8 manpage 2013-04-23T19:45:35+00:00 Simo Sorce simo@redhat.com 2013-04-23T19:44:54+00:00 184db18523aea5000989240e6af84b0c77613788 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> 
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Add new gssproxy-mech.8 manpage to describe the interposer plugin 2013-04-23T19:45:35+00:00 Günther Deschner gdeschner@redhat.com 2013-04-16T12:52:15+00:00 04426828329b1c1ad96ff76d453c69344a3565ef Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add more documentation in the gssproxy.conf manpage. 2013-04-23T19:45:35+00:00 Günther Deschner gdeschner@redhat.com 2013-04-11T14:44:18+00:00 fce2d59c622e77451cf622de157bb8d8a0588ef1 Document options, sections, substitutions and default values. Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Document options, sections, substitutions and default values.

Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
Add documentation for -d|--debug in gssproxy manpage. 2013-04-23T19:08:31+00:00 Günther Deschner gdeschner@redhat.com 2013-04-15T15:14:26+00:00 f867391c778bcddf7f0b57d3c1c020570e01effe Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Signed-off-by: Günther Deschner <gdeschner@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>