xref: /freebsd/usr.sbin/gssd/gssd.8 (revision b91cd7da8cb564fe42fec94d0a32b57ccdd6ed80) 
1a9148abdSDoug Rabson.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/
2a9148abdSDoug Rabson.\" Authors: Doug Rabson <dfr@rabson.org>
362486687SUlrich Spörlein.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org>
4a9148abdSDoug Rabson.\"
5a9148abdSDoug Rabson.\" Redistribution and use in source and binary forms, with or without
6a9148abdSDoug Rabson.\" modification, are permitted provided that the following conditions
7a9148abdSDoug Rabson.\" are met:
8a9148abdSDoug Rabson.\" 1. Redistributions of source code must retain the above copyright
9a9148abdSDoug Rabson.\"    notice, this list of conditions and the following disclaimer.
10a9148abdSDoug Rabson.\" 2. Redistributions in binary form must reproduce the above copyright
11a9148abdSDoug Rabson.\"    notice, this list of conditions and the following disclaimer in the
12a9148abdSDoug Rabson.\"    documentation and/or other materials provided with the distribution.
13a9148abdSDoug Rabson.\"
14a9148abdSDoug Rabson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15a9148abdSDoug Rabson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16a9148abdSDoug Rabson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17a9148abdSDoug Rabson.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18a9148abdSDoug Rabson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19a9148abdSDoug Rabson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20a9148abdSDoug Rabson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21a9148abdSDoug Rabson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22a9148abdSDoug Rabson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23a9148abdSDoug Rabson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24a9148abdSDoug Rabson.\" SUCH DAMAGE.
25a9148abdSDoug Rabson.\"
26a9148abdSDoug Rabson.\" $FreeBSD$
27a9148abdSDoug Rabson.\"
28*b91cd7daSRick Macklem.Dd July 7, 2013
29a9148abdSDoug Rabson.Dt GSSD 8
30a9148abdSDoug Rabson.Os
31a9148abdSDoug Rabson.Sh NAME
32a9148abdSDoug Rabson.Nm gssd
33a9148abdSDoug Rabson.Nd "Generic Security Services Daemon"
34a9148abdSDoug Rabson.Sh SYNOPSIS
35a9148abdSDoug Rabson.Nm
36a9148abdSDoug Rabson.Op Fl d
37*b91cd7daSRick Macklem.Op Fl h
38d51dbb7aSRick Macklem.Op Fl o
39d15f63f2SRick Macklem.Op Fl v
4009e3247eSRick Macklem.Op Fl s Ar dir-list
4109e3247eSRick Macklem.Op Fl c Ar file-substring
4209e3247eSRick Macklem.Op Fl r Ar preferred-realm
43a9148abdSDoug Rabson.Sh DESCRIPTION
44a9148abdSDoug RabsonThe
45a9148abdSDoug Rabson.Nm
46a9148abdSDoug Rabsonprogram provides support for the kernel GSS-API implementation.
47a9148abdSDoug Rabson.Pp
48a9148abdSDoug RabsonThe options are as follows:
49e1656a88SJoel Dahl.Bl -tag -width indent
50a9148abdSDoug Rabson.It Fl d
51a9148abdSDoug RabsonRun in debug mode.
52a9148abdSDoug RabsonIn this mode,
53a9148abdSDoug Rabson.Nm
54831cbaf1SGiorgos Keramidaswill not fork when it starts.
55*b91cd7daSRick Macklem.It Fl h
56*b91cd7daSRick MacklemEnable support for host based initiator credentials.
57*b91cd7daSRick MacklemThis permits a kerberized NFS mount to use a service principal in
58*b91cd7daSRick Macklemthe default Kerberos5 keytab file for access.
59*b91cd7daSRick MacklemSuch access is enabled via the
60*b91cd7daSRick Macklemgssname
61*b91cd7daSRick Macklemoption for the
62*b91cd7daSRick Macklem.Xr mount_nfs 8
63*b91cd7daSRick Macklemcommand.
64d51dbb7aSRick Macklem.It Fl o
65d51dbb7aSRick MacklemForce use of DES and the associated old style GSS-API initialization token.
66d51dbb7aSRick MacklemThis may be required to make kerberized NFS mounts work against some
67d51dbb7aSRick Macklemnon-FreeBSD NFS servers.
68d15f63f2SRick Macklem.It Fl v
69d15f63f2SRick MacklemRun in verbose mode.
70d15f63f2SRick MacklemIn this mode,
71d15f63f2SRick Macklem.Nm
72d15f63f2SRick Macklemwill log activity messages to syslog using LOG_INFO | LOG_DAEMON or to
73d15f63f2SRick Macklemstderr, if the
74d15f63f2SRick Macklem.Fl d
75d15f63f2SRick Macklemoption has also been specified.
76d15f63f2SRick MacklemThe minor status is logged as a decimal number, since it is actually a
77d15f63f2SRick MacklemKerberos return status, which is signed.
7809e3247eSRick Macklem.It Fl s Ar dir-list
7909e3247eSRick MacklemLook for an appropriate credential cache file in this list of directories.
8009e3247eSRick MacklemThe list should be full pathnames from root, separated by ':' characters.
8109e3247eSRick MacklemUsually this list will simply be "/tmp".
82e8ab2920SBenjamin KadukWithout this option,
8309e3247eSRick Macklem.Nm
84e8ab2920SBenjamin Kadukassumes that the credential cache file is called /tmp/krb5cc_<uid>,
8509e3247eSRick Macklemwhere <uid> is the effective uid for the RPC caller.
8609e3247eSRick Macklem.It Fl c Ar file-substring
8709e3247eSRick MacklemSet a file-substring for the credential cache file names.
8809e3247eSRick MacklemOnly files with this substring embedded in their names will be
89e8ab2920SBenjamin Kadukselected as candidates when
9009e3247eSRick Macklem.Fl s
9109e3247eSRick Macklemhas been specified.
9209e3247eSRick MacklemIf not specified, it defaults to "krb5cc_".
9309e3247eSRick Macklem.It Fl r Ar preferred-realm
94e8ab2920SBenjamin KadukUse Kerberos credentials for this realm when searching for
95e8ab2920SBenjamin Kadukcredentials in directories specified with
96e8ab2920SBenjamin Kaduk.Fl s .
97e8ab2920SBenjamin KadukIf not specified, the default Kerberos realm will be used.
98a9148abdSDoug Rabson.El
99a9148abdSDoug Rabson.Sh FILES
100a9148abdSDoug Rabson.Bl -tag -width ".Pa /etc/krb5.keytab" -compact
101a9148abdSDoug Rabson.It Pa /etc/krb5.keytab
102a9148abdSDoug RabsonContains Kerberos service principals which may be used as credentials
103a9148abdSDoug Rabsonby kernel GSS-API services.
104a9148abdSDoug Rabson.El
105a9148abdSDoug Rabson.Sh EXIT STATUS
106a9148abdSDoug Rabson.Ex -std
107a9148abdSDoug Rabson.Sh SEE ALSO
108d15f63f2SRick Macklem.Xr gssapi 3 ,
109*b91cd7daSRick Macklem.Xr mount_nfs 8 ,
110d15f63f2SRick Macklem.Xr syslog 3
111a9148abdSDoug Rabson.Sh HISTORY
112a9148abdSDoug RabsonThe
113a9148abdSDoug Rabson.Nm
114831cbaf1SGiorgos Keramidasmanual page first appeared in
115a9148abdSDoug Rabson.Fx 8.0 .
116a9148abdSDoug Rabson.Sh AUTHORS
117a9148abdSDoug RabsonThis
118a9148abdSDoug Rabsonmanual page was written by
119a9148abdSDoug Rabson.An Doug Rabson Aq dfr@FreeBSD.org .
120