From 7236fc2ca3d9e2e6f0f0df125b29e5dc72934b8b Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sat, 16 Nov 2013 17:27:52 -0500
Subject: man: Describe new flag filtering/enforcing options
---
proxy/man/gssproxy.conf.5.xml | 58 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
(limited to 'proxy/man/gssproxy.conf.5.xml')
diff --git a/proxy/man/gssproxy.conf.5.xml b/proxy/man/gssproxy.conf.5.xml
index b0012b5..0248412 100644
--- a/proxy/man/gssproxy.conf.5.xml
+++ b/proxy/man/gssproxy.conf.5.xml
@@ -161,6 +161,64 @@
+
+ enforce_flags (string)
+
+
+ A list of GSS Request Flags that are added
+ unconditionally to every context initialization
+ call.
+ Flags can only be added to the list or removed
+ from the list by prepending a +/- sign to the
+ flag name or value.
+
+
+ Recognized flag names: DELEGATE, MUTUAL_AUTH,
+ REPLAY_DETECT, SEQUENCE, CONFIDENTIALITY,
+ INTEGRITY, ANOYMOUS
+
+ Examples:
+
+ enforce_flags = +REPLAY_DETECT
+ enforce_flags = -0x0001
+
+
+ Default: enforce_flags =
+
+
+
+
+ filter_flags (string)
+
+
+ A list of GSS Request Flags that are filtered
+ unconditionally from every context initialization
+ call.
+ Flags can only be added to the list or removed
+ from the list by prepending a +/- sign to the
+ flag name or value.
+
+
+ NOTE: Because often gssproxy is used to withold
+ access to credentials the Delegate Flag is filtered
+ by default. To allow a service to delegate
+ credentials use the first example below.
+
+
+ Recognized flag names: DELEGATE, MUTUAL_AUTH,
+ REPLAY_DETECT, SEQUENCE, CONFIDENTIALITY,
+ INTEGRITY, ANOYMOUS
+
+ Examples:
+
+ filter_flags = -DELEGATE
+ filter_flags = -0x0001 +ANONYMOUS
+
+
+ Default: filter_flags = +DELEGATE
+
+
+
 impersonate (boolean)
-- cgit