GssProxy GSSAPI mechanism manual page
GSS Proxy
GSS-Proxy - http://fedorahosted.org/gss-proxy
gssproxy-mech
8
gssproxy-mech
GssProxy GSSAPI mechanism plugin
proxymech_v1 2.16.840.1.113730.3.8.15.1 /usr/lib64/gssproxy/proxymech.so
options
DESCRIPTION
The gssproxy proxymech module is a interposer plugin that is
loaded by GSSAPI. It is enabled by
/etc/gss/mech configuration file.
The interposer plugin allows to intercept the entire GSSAPI
communication and detour to the gssproxy
daemon. When the interposer plugin is installed two other
conditions need to be met in order to activate it:
a) interposer configuration file
The plugin needs to be manually enabled in the
/etc/gss/mech file.
b) gssproxy environment variable
The interposer plugin will not forward to the
gssproxy daemon unless the environment variable
named GSS_USE_PROXY=yes is set.
Furthermore, the interposer plugin can be configured to behave in
different ways when called from the GSSAPI. This behavior is
controlled via the GSSPROXY_BEHAVIOR
environment variable. It accepts four different values:
LOCAL_ONLY
All commands received with this setting will cause
to immediately reenter the GSSAPI w/o any interaction
with the gssproxy daemon. When the request cannot be
processed it will just fail.
LOCAL_FIRST
All commands received with this setting will cause
to immediately reenter the GSSAPI. When the local
GSSAPI cannot process the request, it will resend the
request to the gssproxy daemon.
REMOTE_FIRST
All commands received with this setting will be
forwarded to the gssproxy daemon first. If the request
cannot be handled there, the request will reenter the
local GSSAPI.
REMOTE_ONLY
This setting is currently not fully implemented and
therefor not supported.
The default setting for GSSPROXY_BEHAVIOR
is @GPP_DEFAULT_BEHAVIOR@.
Finally the interposer may need to use a special per-service
socket in order to communicate with gssproxy. The path to this
socket is set via the GSSPROXY_SOCKET
environment variable.
SEE ALSO
gssproxy.conf5
and
gssproxy8
.