Tree - source-git/gssproxy - CentOS Git server

source-git / gssproxy

Blame man/gssproxy-mech.8.xml

Blob History Raw

Packit	c61152
Packit	c61152
Packit	c61152	`"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">`
Packit	c61152	`<reference>`
Packit	c61152	`<title>GssProxy GSSAPI mechanism manual page</title>`
Packit	c61152	`<refentry>`
Packit	c61152	`<refentryinfo>`
Packit	c61152	`<productname>GSS Proxy</productname>`
Packit	c61152	`<orgname>GSS-Proxy - http://fedorahosted.org/gss-proxy</orgname>`
Packit	c61152	`</refentryinfo>`
Packit	c61152
Packit	c61152	`<refmeta>`
Packit	c61152	`<refentrytitle>gssproxy-mech</refentrytitle>`
Packit	c61152	`<manvolnum>8</manvolnum>`
Packit	c61152	`</refmeta>`
Packit	c61152
Packit	c61152	`<refnamediv id='name'>`
Packit	c61152	`<refname>gssproxy-mech</refname>`
Packit	c61152	`<refpurpose>GssProxy GSSAPI mechanism plugin</refpurpose>`
Packit	c61152	`</refnamediv>`
Packit	c61152
Packit	c61152	`<refsynopsisdiv id='synopsis'>`
Packit	c61152	`<cmdsynopsis>`
Packit	c61152	`<command>proxymech_v1 2.16.840.1.113730.3.8.15.1 /usr/lib64/gssproxy/proxymech.so </command>`
Packit	c61152	`<arg choice='opt'>`
Packit	c61152	`<replaceable>options</replaceable>`
Packit	c61152	`</arg>`
Packit	c61152	`</cmdsynopsis>`
Packit	c61152	`</refsynopsisdiv>`
Packit	c61152
Packit	c61152	`<refsect1 id='description'>`
Packit	c61152	`<title>DESCRIPTION</title>`
Packit	c61152	`<para>`
Packit	c61152	`The gssproxy proxymech module is a interposer plugin that is`
Packit	c61152	`loaded by GSSAPI. It is enabled by`
Packit	c61152	`<filename>/etc/gss/mech</filename> configuration file.`
Packit	c61152	`</para>`
Packit	c61152	`<para>`
Packit	c61152	`The interposer plugin allows to intercept the entire GSSAPI`
Packit	c61152	`communication and detour to the <command>gssproxy</command>`
Packit	c61152	`daemon. When the interposer plugin is installed two other`
Packit	c61152	`conditions need to be met in order to activate it:`
Packit	c61152	`</para>`
Packit	c61152	`<variablelist>`
Packit	c61152	`<varlistentry>`
Packit	c61152	`<term>a) interposer configuration file</term>`
Packit	c61152	`<listitem>`
Packit	c61152	`<para>The plugin needs to be manually enabled in the`
Packit	c61152	`<filename>/etc/gss/mech</filename> file.`
Packit	c61152	`</para>`
Packit	c61152	`</listitem>`
Packit	c61152	`</varlistentry>`
Packit	c61152	`<varlistentry>`
Packit	c61152	`<term>b) gssproxy environment variable</term>`
Packit	c61152	`<listitem>`
Packit	c61152	`<para>`
Packit	c61152	`The interposer plugin will not forward to the`
Packit	c61152	`gssproxy daemon unless the environment variable`
Packit	c61152	`named <emphasis>GSS_USE_PROXY=yes</emphasis> is set.`
Packit	c61152	`</para>`
Packit	c61152	`</listitem>`
Packit	c61152	`</varlistentry>`
Packit	c61152	`</variablelist>`
Packit	c61152	`<para>`
Packit	c61152	`Furthermore, the interposer plugin can be configured to behave in`
Packit	c61152	`different ways when called from the GSSAPI. This behavior is`
Packit	c61152	`controlled via the <emphasis>GSSPROXY_BEHAVIOR</emphasis>`
Packit	c61152	`environment variable. It accepts four different values:`
Packit	c61152	`</para>`
Packit	c61152	`<variablelist>`
Packit	c61152	`<varlistentry>`
Packit	c61152	`<term>LOCAL_ONLY</term>`
Packit	c61152	`<listitem>`
Packit	c61152	`<para>All commands received with this setting will cause`
Packit	c61152	`to immediately reenter the GSSAPI w/o any interaction`
Packit	c61152	`with the gssproxy daemon. When the request cannot be`
Packit	c61152	`processed it will just fail.`
Packit	c61152	`</para>`
Packit	c61152	`</listitem>`
Packit	c61152	`</varlistentry>`
Packit	c61152	`<varlistentry>`
Packit	c61152	`<term>LOCAL_FIRST</term>`
Packit	c61152	`<listitem>`
Packit	c61152	`<para>All commands received with this setting will cause`
Packit	c61152	`to immediately reenter the GSSAPI. When the local`
Packit	c61152	`GSSAPI cannot process the request, it will resend the`
Packit	c61152	`request to the gssproxy daemon.`
Packit	c61152	`</para>`
Packit	c61152	`</listitem>`
Packit	c61152	`</varlistentry>`
Packit	c61152	`<varlistentry>`
Packit	c61152	`<term>REMOTE_FIRST</term>`
Packit	c61152	`<listitem>`
Packit	c61152	`<para>All commands received with this setting will be`
Packit	c61152	`forwarded to the gssproxy daemon first. If the request`
Packit	c61152	`cannot be handled there, the request will reenter the`
Packit	c61152	`local GSSAPI.`
Packit	c61152	`</para>`
Packit	c61152	`</listitem>`
Packit	c61152	`</varlistentry>`
Packit	c61152	`<varlistentry>`
Packit	c61152	`<term>REMOTE_ONLY</term>`
Packit	c61152	`<listitem>`
Packit	c61152	`<para>This setting is currently not fully implemented and`
Packit	c61152	`therefor not supported.`
Packit	c61152	`</para>`
Packit	c61152	`</listitem>`
Packit	c61152	`</varlistentry>`
Packit	c61152	`</variablelist>`
Packit	c61152	`<para>`
Packit	c61152	`The default setting for <emphasis>GSSPROXY_BEHAVIOR</emphasis>`
Packit	c61152	`is LOCAL_FIRST.`
Packit	c61152	`</para>`
Packit	c61152
Packit	c61152	`<para>`
Packit	c61152	`Finally the interposer may need to use a special per-service`
Packit	c61152	`socket in order to communicate with gssproxy. The path to this`
Packit	c61152	`socket is set via the <emphasis>GSSPROXY_SOCKET</emphasis>`
Packit	c61152	`environment variable.`
Packit	c61152	`</para>`
Packit	c61152	`</refsect1>`
Packit	c61152
Packit	c61152	`<refsect1 id='see_also'>`
Packit	c61152	`<title>SEE ALSO</title>`
Packit	c61152	`<para>`
Packit	c61152	`<citerefentry>`
Packit	c61152	`<refentrytitle>gssproxy.conf</refentrytitle><manvolnum>5</manvolnum>`
Packit	c61152	`</citerefentry> and`
Packit	c61152	`<citerefentry>`
Packit	c61152	`<refentrytitle>gssproxy</refentrytitle><manvolnum>8</manvolnum>`
Packit	c61152	`</citerefentry>.`
Packit	c61152	`</para>`
Packit	c61152	`</refsect1>`
Packit	c61152	`</refentry>`
Packit	c61152	`</reference>`

source-git / gssproxy

Source Code

Blame man/gssproxy-mech.8.xml