diff options
| author | Simo Sorce <simo@redhat.com> | 2013-08-20 21:28:04 -0400 |
|---|---|---|
| committer | Günther Deschner <gdeschner@redhat.com> | 2013-10-23 19:52:13 +0200 |
| commit | 649554391df40d51ae9339cd7e4a1d61f0dbe025 (patch) | |
| tree | 72f075f64e8fe6fae7f66acc15214df1863e44e2 /proxy/man | |
| parent | 485a2eb71d3a22c50a5be35318d421b451713ccb (diff) | |
| download | gss-proxy-649554391df40d51ae9339cd7e4a1d61f0dbe025.tar.gz gss-proxy-649554391df40d51ae9339cd7e4a1d61f0dbe025.tar.xz gss-proxy-649554391df40d51ae9339cd7e4a1d61f0dbe025.zip | |
Add impersonation support
By setting the impersonate flag to true, the acquisition of credentials will
be done using constrained delegation (s4uself + s4u2proxy).
To work this needs MIT Kereberos 1.11.4 or later.
Previous versions have a bug in the import_cred function that prevents the
library from properly importing previously exported delegated credentials.
Resolves: https://fedorahosted.org/gss-proxy/ticket/95
Reviewed-by: Günther Deschner <gdeschner@redhat.com>
Diffstat (limited to 'proxy/man')
| -rw-r--r-- | proxy/man/gssproxy.conf.5.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml index ddcb8d8..b0012b5 100644 --- a/proxy/man/gssproxy.conf.5.xml +++ b/proxy/man/gssproxy.conf.5.xml @@ -162,6 +162,14 @@ </varlistentry> <varlistentry> + <term>impersonate (boolean)</term> + <listitem> + <para>Use impersonation (s4u2self + s4u2proxy) to obtain credentials</para> + <para>Default: impersonate = false</para> + </listitem> + </varlistentry> + + <varlistentry> <term>kernel_nfsd (boolean)</term> <listitem> <para>Boolean flag that allows the Linux kernel to check if gssproxy is running (via <filename>/proc/net/rpc/use-gss-proxy</filename>).</para> |