summaryrefslogtreecommitdiffstats
path: root/utils/gssd/gssd.man
Commit message (Collapse)AuthorAgeFilesLines
* Allow any credential to be used for machine credentialsKevin Coffman2007-03-191-2/+10
| | | | | | | | | | Don't restrict machine credentials to be "nfs/<machine.name>". Use any usable credentials contained in the keytab file. [We actually attempt to use the first entry found for each realm, not every entry, in the keytab.] Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
* Add option to allow root to use credentials other than machine credentialsKevin Coffman2007-03-191-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | Add a new option ("-n") to rpc.gssd to indicate that accesses as root (uid 0) should not use machine credentials, but should instead use "normal" Kerberos credentials obtained by root. This change was prompted by a suggestion and patch from Daniel Muntz <Dan.Muntz@netapp.com>. That patch suggested trying "normal" credentials first and falling back to using machine creds for uid 0 if normal creds failed. This opens up the case where root may have credentials as "foo@REALM" and begins accessing files. Then the context using those credentials expires and must be renewed. If the credentials are now expired, then root's new context would fall back and be created with the machine credentials. Instead, this patch insists that the administrator choose to use either machine credentials for accesses by uid 0 (the default behavior, as it was before) or "normal" credentials. In the latter case, arrangements must be made to obtain credentials before attempting a mount. There should be no doubts which credentials are used for uid 0. Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Signed-off-by: Neil Brown <neilb@suse.de>
* Add option to specify directory to search for credentials cache filesneilbrown2006-03-281-1/+6
| | | | | | | | | From: Vince Busam <vbusam@google.com> Signed-off-by: Kevin Coffman <kwc@citi.umich.edu> Add command line option to specify which directory should be searched to find credentials caches. (really this time)
* Add option to set rpcsec_gss debugging level (if available)neilbrown2005-08-261-1/+5
| | | | | | | Changes to allow gssd/svcgssd to build when using Hiemdal Kerberos libraries. Note that there are still run-time issues preventing this from working when shared libraries for libgssapi and librpcsecgss are used.
* Add gss support from citi @ umichneilbrown2004-10-191-0/+63
generated by cgit (git 2.34.1) at 2025-09-26 20:43:36 +0000