<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<reference>
<title>GssProxy GSSAPI mechanism manual page</title>
<refentry>
<refentryinfo>
<productname>GSS Proxy</productname>
<orgname>GSS-Proxy - http://fedorahosted.org/gss-proxy</orgname>
</refentryinfo>
<refmeta>
<refentrytitle>gssproxy-mech</refentrytitle>
<manvolnum>8</manvolnum>
</refmeta>
<refnamediv id='name'>
<refname>gssproxy-mech</refname>
<refpurpose>GssProxy GSSAPI mechanism plugin</refpurpose>
</refnamediv>
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>proxymech_v1 2.16.840.1.113730.3.8.15.1 /usr/lib64/gssproxy/proxymech.so </command>
<arg choice='opt'>
<replaceable>options</replaceable>
</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'>
<title>DESCRIPTION</title>
<para>
The gssproxy proxymech module is an interposer plugin that is
loaded by GSSAPI. It is enabled through the
<filename>/etc/gss/mech</filename> configuration file.
</para>
<para>
The interposer plugin intercepts all GSSAPI communication and
redirects it to the <command>gssproxy</command> daemon. Once
the interposer plugin is installed, two further conditions
must be met in order to activate it:
</para>
<variablelist>
<varlistentry>
<term>a) interposer configuration file</term>
<listitem>
<para>The plugin needs to be manually enabled in the
<filename>/etc/gss/mech</filename> file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>b) gssproxy environment variable</term>
<listitem>
<para>
With default build options, the interposer plugin will
not forward to the gssproxy daemon unless the
environment variable
<emphasis>GSS_USE_PROXY=yes</emphasis> is set.
</para>
<para>
This default behavior may be changed at build time so
that the plugin always forwards unless the environment
variable is set to
<emphasis>GSS_USE_PROXY=no</emphasis>.
</para>
<para>The current setting for always forwarding is:
@GPP_ALWAYS_FORWARD@
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
Furthermore, the interposer plugin can be configured to behave in
different ways when called from the GSSAPI. This behavior is
controlled via the <emphasis>GSSPROXY_BEHAVIOR</emphasis>
environment variable. It accepts four different values:
</para>
<variablelist>
<varlistentry>
<term>LOCAL_ONLY</term>
<listitem>
<para>All commands received with this setting immediately
reenter the GSSAPI without any interaction with the
gssproxy daemon. If the request cannot be processed,
it simply fails.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>LOCAL_FIRST</term>
<listitem>
<para>All commands received with this setting immediately
reenter the GSSAPI. If the local GSSAPI cannot process
the request, the request is resent to the gssproxy
daemon.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>REMOTE_FIRST</term>
<listitem>
<para>All commands received with this setting will be
forwarded to the gssproxy daemon first. If the request
cannot be handled there, the request will reenter the
local GSSAPI.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>REMOTE_ONLY</term>
<listitem>
<para>This setting is currently not fully implemented and
therefore not supported.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
The default setting for <emphasis>GSSPROXY_BEHAVIOR</emphasis>
is @GPP_DEFAULT_BEHAVIOR@.
</para>
<para>
Finally, the interposer may need to use a special per-service
socket in order to communicate with gssproxy. The path to this
socket is set via the <emphasis>GSSPROXY_SOCKET</emphasis>
environment variable.
</para>
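<para>
The checks described above, combined into one shell sketch that
reports how a given process environment would be treated. This is
an added example, not part of the gssproxy sources; the function
names, the assumed '#' comment syntax and field layout of the mech
file, and the LOCAL_FIRST default are assumptions, and only the
yes/no values documented here are modelled.
</para>
<programlisting><![CDATA[
```sh
#!/bin/sh
# Added example: resolve how the proxymech interposer treats a process,
# using only the rules documented on this page.
PROXYMECH_OID="2.16.840.1.113730.3.8.15.1"   # OID from the synopsis

# mech_enabled FILE: succeed if a non-comment line registers the interposer.
# Assumes whitespace-separated "name oid library [options]" and '#' comments.
mech_enabled() {
    awk -v oid="$PROXYMECH_OID" '
        /^[ \t]*#/ { next }
        $2 == oid && $3 ~ /proxymech\.so$/ { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# forwards USE_PROXY ALWAYS_FORWARD: models only the yes/no values documented
# here. ALWAYS_FORWARD is the build-time setting ("yes" or "no").
forwards() {
    if [ "$2" = "yes" ]; then
        [ "$1" != "no" ]      # always-forward build: opt out with "no"
    else
        [ "$1" = "yes" ]      # default build: opt in with "yes"
    fi
}

# resolve MECHFILE USE_PROXY BEHAVIOR ALWAYS_FORWARD DEFAULT_BEHAVIOR
# Prints one verdict for the given process environment.
resolve() {
    mech_enabled "$1" || { echo "not-registered"; return 0; }
    forwards "$2" "$4" || { echo "not-forwarding"; return 0; }
    case "${3:-$5}" in
        LOCAL_ONLY|LOCAL_FIRST|REMOTE_FIRST) echo "${3:-$5}" ;;
        REMOTE_ONLY) echo "unsupported:REMOTE_ONLY" ;;
        *) echo "invalid:${3:-$5}" ;;
    esac
}

# Constructed sample mech file: one commented-out entry, one active entry.
sample="${TMPDIR:-/tmp}/gss-mech-sample.$$"
cat > "$sample" <<'EOF'
# proxymech_v1 2.16.840.1.113730.3.8.15.1 /usr/lib64/gssproxy/proxymech.so
proxymech_v1 2.16.840.1.113730.3.8.15.1 /usr/lib64/gssproxy/proxymech.so
EOF
# "no" and "LOCAL_FIRST" are assumed stand-ins for this build's defaults.
resolve "$sample" "${GSS_USE_PROXY:-}" "${GSSPROXY_BEHAVIOR:-}" no LOCAL_FIRST
rm -f "$sample"
```
]]></programlisting>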
</refsect1>
<refsect1 id='see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>gssproxy.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry> and
<citerefentry>
<refentrytitle>gssproxy</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>.
</para>
</refsect1>
</refentry>
</reference>