{"id":2852,"date":"2022-12-20T15:17:30","date_gmt":"2022-12-20T18:17:30","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/gssproxymech-man8\/"},"modified":"2022-12-20T15:17:30","modified_gmt":"2022-12-20T18:17:30","slug":"gssproxymech-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/gssproxymech-man8\/","title":{"rendered":"GSSPROXY&minus;MECH (man8)"},"content":{"rendered":"<h1 align=\"center\">GSSPROXY\u2212MECH<\/h1>\n<p> <a href=\"#NAME\">NAME<\/a><br \/> <a href=\"#SYNOPSIS\">SYNOPSIS<\/a><br \/> <a href=\"#DESCRIPTION\">DESCRIPTION<\/a><br \/> <a href=\"#SEE ALSO\">SEE ALSO<\/a><br \/> <a href=\"#AUTHORS\">AUTHORS<\/a> <\/p>\n<hr>\n<h2>NAME <a name=\"NAME\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">gssproxy-mech \u2212 GssProxy GSSAPI mechanism plugin<\/p>\n<h2>SYNOPSIS <a name=\"SYNOPSIS\"><\/a> <\/h2>\n<table width=\"100%\" border=\"0\" rules=\"none\" frame=\"void\" cellspacing=\"0\" cellpadding=\"0\">\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"89%\">\n<p style=\"margin-top: 1em\"><b>proxymech_v1 2.16.840.1.113730.3.8.15.1 \/usr\/lib64\/gssproxy\/proxymech.so<\/b> [<i>options<\/i>]<\/p>\n<\/td>\n<\/tr>\n<\/table>\n<h2>DESCRIPTION <a name=\"DESCRIPTION\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">The gssproxy proxymech module is a interposer plugin that is loaded by GSSAPI. It is enabled by \/etc\/gss\/mech configuration file.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">The interposer plugin allows to intercept the entire GSSAPI communication and detour to the <b>gssproxy<\/b> daemon. When the interposer plugin is installed two other conditions need to be met in order to activate it:<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">a) interposer configuration file<\/p>\n<p style=\"margin-left:17%;\">The plugin needs to be manually enabled in the \/etc\/gss\/mech file.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">b) gssproxy environment variable<\/p>\n<p style=\"margin-left:17%;\">The interposer plugin will not forward to the gssproxy daemon unless the environment variable named <i>GSS_USE_PROXY=yes<\/i> is set.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">Furthermore, the interposer plugin can be configured to behave in different ways when called from the GSSAPI. This behavior is controlled via the <i>GSSPROXY_BEHAVIOR<\/i> environment variable. It accepts four different values:<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">LOCAL_ONLY<\/p>\n<p style=\"margin-left:17%;\">All commands received with this setting will cause to immediately reenter the GSSAPI w\/o any interaction with the gssproxy daemon. When the request cannot be processed it will just fail.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">LOCAL_FIRST<\/p>\n<p style=\"margin-left:17%;\">All commands received with this setting will cause to immediately reenter the GSSAPI. When the local GSSAPI cannot process the request, it will resend the request to the gssproxy daemon.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">REMOTE_FIRST<\/p>\n<p style=\"margin-left:17%;\">All commands received with this setting will be forwarded to the gssproxy daemon first. If the request cannot be handled there, the request will reenter the local GSSAPI.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">REMOTE_ONLY<\/p>\n<p style=\"margin-left:17%;\">This setting is currently not fully implemented and therefor not supported.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">The default setting for <i>GSSPROXY_BEHAVIOR<\/i> is REMOTE_FIRST.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">Finally the interposer may need to use a special per\u2212service socket in order to communicate with gssproxy. The path to this socket is set via the <i>GSSPROXY_SOCKET<\/i> environment variable.<\/p>\n<h2>SEE ALSO <a name=\"SEE ALSO\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"><b>gssproxy.conf<\/b>(5) and <b>gssproxy<\/b>(8).<\/p>\n<h2>AUTHORS <a name=\"AUTHORS\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\"><b>GSS\u2212Proxy \u2212 http:\/\/fedorahosted.org\/gss\u2212proxy<\/b><\/p>\n<hr>\n","protected":false},"excerpt":{"rendered":"<p>  gssproxy-mech \u2212 GssProxy GSSAPI mechanism plugin <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,202,4],"class_list":["post-2852","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-gssproxy-mech","tag-man8"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/2852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=2852"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/2852\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=2852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=2852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=2852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}