authorSimo Sorce <simo@redhat.com>2013-11-16 17:27:52 -0500
committerSimo Sorce <simo@redhat.com>2013-11-16 17:28:51 -0500
commit7236fc2ca3d9e2e6f0f0df125b29e5dc72934b8b (patch)
tree3e1624c209b66e8ac9fd578b2968a972eed807ed
parentf2cd6b2fc3d766355fd3a53290696bf60bf04fb8 (diff)
man: Describe new flag filtering/enforcing optionslibsshfixes
-rw-r--r--proxy/man/gssproxy.conf.5.xml58
1 files changed, 58 insertions, 0 deletions
diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml
index b0012b5..0248412 100644
--- a/proxy/man/gssproxy.conf.5.xml
+++ b/proxy/man/gssproxy.conf.5.xml
@@ -162,6 +162,64 @@
</varlistentry>
<varlistentry>
+ <term>enforce_flags (string)</term>
+ <listitem>
+ <para>
+ A list of GSS Request Flags that are added
+ unconditionally to every context initialization
+ call.
+ Flags can only be added to the list or removed
+ from the list by prepending a +/- sign to the
+ flag name or value.
+ </para>
+ <para>
+ Recognized flag names: DELEGATE, MUTUAL_AUTH,
+ REPLAY_DETECT, SEQUENCE, CONFIDENTIALITY,
+ INTEGRITY, ANOYMOUS
+ </para>
+ <para>Examples:
+<programlisting>
+ <userinput moreinfo="none">enforce_flags = +REPLAY_DETECT</userinput>
+ <userinput moreinfo="none">enforce_flags = -0x0001</userinput>
+</programlisting>
+ </para>
+ <para>Default: enforce_flags =</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>filter_flags (string)</term>
+ <listitem>
+ <para>
+ A list of GSS Request Flags that are filtered
+ unconditionally from every context initialization
+ call.
+ Flags can only be added to the list or removed
+ from the list by prepending a +/- sign to the
+ flag name or value.
+ </para>
+ <para>
+ NOTE: Because often gssproxy is used to withold
+ access to credentials the Delegate Flag is filtered
+ by default. To allow a service to delegate
+ credentials use the first example below.
+ </para>
+ <para>
+ Recognized flag names: DELEGATE, MUTUAL_AUTH,
+ REPLAY_DETECT, SEQUENCE, CONFIDENTIALITY,
+ INTEGRITY, ANOYMOUS
+ </para>
+ <para>Examples:
+<programlisting>
+ <userinput moreinfo="none">filter_flags = -DELEGATE</userinput>
+ <userinput moreinfo="none">filter_flags = -0x0001 +ANONYMOUS</userinput>
+</programlisting>
+ </para>
+ <para>Default: filter_flags = +DELEGATE</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>impersonate (boolean)</term>
<listitem>
<para>Use impersonation (s4u2self + s4u2proxy) to obtain credentials</para>