blob: d8f9a0f4c52f40f57647912ccba2e0cc4bd1e7fa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
.\"
.\" rpc.gssd(8)
.\"
.\" Copyright (C) 2003 J. Bruce Fields <bfields@umich.edu>
.TH rpc.gssd 8 "17 Mar 2003"
.SH NAME
rpc.gssd \- rpcsec_gss daemon
.SH SYNOPSIS
.B "rpc.gssd [-f] [-k keytab] [-p pipefsdir] [-v]"
.SH DESCRIPTION
The rpcsec_gss protocol gives a means of using the gss-api generic security
api to provide security for protocols using rpc (in particular, nfs). Before
exchanging any rpc requests using rpcsec_gss, the rpc client must first
establish a security context. The linux kernel's implementation of rpcsec_gss
depends on the userspace daemon
.B rpc.gssd
to establish security contexts. The
.B rpc.gssd
daemon uses files in the rpc_pipefs filesystem to communicate with the kernel.
.SH OPTIONS
.TP
.B -f
Runs
.B rpc.gssd
in the foreground and sends output to stderr (as opposed to syslogd)
.TP
.B -k keytab
Tells
.B rpc.gssd
to use the keys for principals nfs/hostname in
.I keytab
to obtain machine credentials.
The default value is "/etc/krb5.keytab".
.\".TP
.\".B -m
.\"Ordinarily,
.\".B rpc.gssd
.\"looks for a cached ticket for user $UID in /tmp/krb5cc_$UID.
.\"With the -m option, the user with uid 0 will be treated specially, and will
.\"be mapped instead to the credentials for the principal nfs/hostname found in
.\"the keytab file.
.\"(This option is now the default and is ignored if specified.)
.TP
.B -p path
Tells
.B rpc.gssd
where to look for the rpc_pipefs filesystem. The default value is
"/var/lib/nfs/rpc_pipefs".
.TP
.B -v
Increases the verbosity of the output (can be specified multiple times).
.SH SEE ALSO
.BR rpc.svcgssd(8)
.SH AUTHORS
.br
Dug Song <dugsong@umich.edu>
.br
Andy Adamson <andros@umich.edu>
.br
Marius Aamodt Eriksen <marius@umich.edu>
.br
J. Bruce Fields <bfields@umich.edu>
|
