summaryrefslogtreecommitdiffstats
path: root/proxy/examples/gssproxy.conf.in
Commit message (Collapse)AuthorAgeFilesLines
* Add HTTP service and move NFS into its own conf fileRobbie Harwood (frozencemetery)2015-09-041-18/+0
| | | | | Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Fix configuration file substitutionsSimo Sorce2015-03-301-2/+2
| | | | | | | Fixes: https://fedorahosted.org/gss-proxy/ticket/138 Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Lukas Slebodnik <lslebodn@redhat.com>
* Add option to specify allowed usage.Simo Sorce2013-10-181-0/+1
| | | | | | | | | | Credentials can often be used both to accept and to initiate contexts. With this option admins can allow a specific usage only. This is to avoid allowing an unprivileged process to fool a remote client by allowing it to impersonate a server, when we only want to allow this service to use credentials to initiate contexts. Reviewed-by: Günther Deschner <gdeschner@redhat.com
* Allow arbitrary users to connect to a serviceSimo Sorce2013-10-181-0/+1
| | | | | | | | | | | The rpc.gssd daemon is changing to fork and change uid to the unprivileged user it wants to authenticate, this means gssproxy needs to allow connection from any euid. When this is done though, the trusted flag needs to be dropped, if the connecting euid does not match the default trusted uid to prevent improper impersonation. Resolves: https://fedorahosted.org/gss-proxy/ticket/103 Reviewed-by: Günther Deschner <gdeschner@redhat.com
* Split nfs server and client servicesSimo Sorce2013-06-211-3/+8
| | | | | | | | | | | | | | The NFS server uses a special socket for the kernel communication. Split configuration in 2 distinct services so we can use specific options that may be different between server and client. The 3 main differences so far are: 1. socket: default for client, custom for server 2. kernel_nfd option only for server 3. ccache and client keytab options only for client Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
* Fix nfsd socketSimo Sorce2013-06-061-0/+1
| | | | | | | | | | | The Kernel expect the knfsd socket in a specific plce that is not where our standard socket is created. Add a knfsd specific socket in the default configuration. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com> Resolves: https://fedorahosted.org/gss-proxy/ticket/93
* Add --with-gpstate-path=PATH configure switch.Günther Deschner2013-05-061-2/+2
| | | | | Signed-off-by: Günther Deschner <gdeschner@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Improve default configuration.Simo Sorce2013-04-231-0/+11
Install by default working nfs configuration. For RPM also install by default file to configure interposer plugin. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Günther Deschner <gdeschner@redhat.com>
generated by cgit (git 2.34.1) at 2024-11-16 01:19:11 +0000