From c8386418a754211da5ddf5469a0f1c0fddf21240 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sat, 16 Nov 2013 17:27:52 -0500
Subject: man: Describe new flag filtering/enforcing options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves: https://fedorahosted.org/gss-proxy/ticket/109
Reviewed-by: Günther Deschner
---
proxy/man/gssproxy.conf.5.xml | 58 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml
index b0012b5..b4d5add 100644
--- a/proxy/man/gssproxy.conf.5.xml
+++ b/proxy/man/gssproxy.conf.5.xml
@@ -161,6 +161,64 @@ + + enforce_flags (string) + + + A list of GSS Request Flags that are added + unconditionally to every context initialization + call. + Flags can only be added to the list or removed + from the list by prepending a +/- sign to the + flag name or value. + + + Recognized flag names: DELEGATE, MUTUAL_AUTH, + REPLAY_DETECT, SEQUENCE, CONFIDENTIALITY, + INTEGRITY, ANONYMOUS + + Examples: + + enforce_flags = +REPLAY_DETECT + enforce_flags = -0x0001 + + + Default: enforce_flags = + + + + + filter_flags (string) + + + A list of GSS Request Flags that are filtered + unconditionally from every context initialization + call. + Flags can only be added to the list or removed + from the list by prepending a +/- sign to the + flag name or value. + + + NOTE: Because often gssproxy is used to withold + access to credentials the Delegate Flag is filtered + by default. To allow a service to delegate + credentials use the first example below. + + + Recognized flag names: DELEGATE, MUTUAL_AUTH, + REPLAY_DETECT, SEQUENCE, CONFIDENTIALITY, + INTEGRITY, ANONYMOUS + + Examples: + + filter_flags = -DELEGATE + filter_flags = -0x0001 +ANONYMOUS + + + Default: filter_flags = +DELEGATE + + + impersonate (boolean) -- cgit