diff options
author | Nicolas Williams <nico@cryptonector.com> | 2011-11-10 15:30:01 -0600 |
---|---|---|
committer | Nicolas Williams <nico@cryptonector.com> | 2011-11-10 15:30:01 -0600 |
commit | e0c275cc057ec4cbbb59a182751a3ed61a2e7d9c (patch) | |
tree | 7a945e8c3f1bb93ab38bfb2741cf1a1f361e235c /README | |
parent | 1bbfe0dbbfb29a100eb6c124761cea31ca397e20 (diff) | |
download | gss-proxy-e0c275cc057ec4cbbb59a182751a3ed61a2e7d9c.tar.gz gss-proxy-e0c275cc057ec4cbbb59a182751a3ed61a2e7d9c.tar.xz gss-proxy-e0c275cc057ec4cbbb59a182751a3ed61a2e7d9c.zip |
Change style, add README file
Diffstat (limited to 'README')
-rw-r--r-- | README | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -0,0 +1,17 @@ + +This is the gss-proxy project. + +The goal is to have a GSS-API proxy, with standardizable protocol and a +[somewhat portable] reference client and server implementation. There +are several motivations for this some of which are: + + - Kernel-mode GSS-API applications (CIFS, NFS, AFS, ...) need to be + able to leave all complexity of GSS_Init/Accept_sec_context() out of + the kernel by upcalling to a daemon that does all the dirty work. + + - Isolation and privilege separation for user-mode applications. For + example: letting HTTP servers use but not see the keytabe entries for + HTTP/* principals for accepting security contexts. + + - Possibly an ssh-agent-like SSH agent for GSS credentials -- a + gss-agent. |