gssproxy-mech

GSSPROXY-MECH(8)        GssProxy GSSAPI mechanism manu        GSSPROXY-MECH(8)



NAME
       gssproxy-mech - GssProxy GSSAPI mechanism plugin

SYNOPSIS
       proxymech_v1 2.16.840.1.113730.3.8.15.1
                                                                                 /usr/lib64/gssproxy/proxymech.so
                                                                                 [options]

DESCRIPTION
       The gssproxy proxymech module is a interposer plugin that is loaded by
       GSSAPI. It is enabled by /etc/gss/mech configuration file.

       The interposer plugin allows to intercept the entire GSSAPI
       communication and detour to the gssproxy daemon. When the interposer
       plugin is installed two other conditions need to be met in order to
       activate it:

       a) interposer configuration file
           The plugin needs to be manually enabled in the /etc/gss/mech file.

       b) gssproxy environment variable
           The interposer plugin will not forward to the gssproxy daemon
           unless the environment variable named GSS_USE_PROXY=yes is set.

       Furthermore, the interposer plugin can be configured to behave in
       different ways when called from the GSSAPI. This behavior is controlled
       via the GSSPROXY_BEHAVIOR environment variable. It accepts four
       different values:

       LOCAL_ONLY
           All commands received with this setting will cause to immediately
           reenter the GSSAPI w/o any interaction with the gssproxy daemon.
           When the request cannot be processed it will just fail.

       LOCAL_FIRST
           All commands received with this setting will cause to immediately
           reenter the GSSAPI. When the local GSSAPI cannot process the
           request, it will resend the request to the gssproxy daemon.

       REMOTE_FIRST
           All commands received with this setting will be forwarded to the
           gssproxy daemon first. If the request cannot be handled there, the
           request will reenter the local GSSAPI.

       REMOTE_ONLY
           This setting is currently not fully implemented and therefor not
           supported.

       The default setting for GSSPROXY_BEHAVIOR is REMOTE_FIRST.

       Finally the interposer may need to use a special per-service socket in
       order to communicate with gssproxy. The path to this socket is set via
       the GSSPROXY_SOCKET environment variable.

SEE ALSO
       gssproxy.conf(5) and gssproxy(8).

AUTHORS
       GSS-Proxy - http://fedorahosted.org/gss-proxy



GSS Proxy                         12/09/2019                  GSSPROXY-MECH(8)