xref: /freebsd/usr.sbin/gssd/gssd.8 (revision e8ab2920c7ebb063b5c01aa77e1f04b53ffa3c23) 
1a9148abdSDoug Rabson.\" Copyright (c) 2008 Isilon Inc http://www.isilon.com/
2a9148abdSDoug Rabson.\" Authors: Doug Rabson <dfr@rabson.org>
362486687SUlrich Spörlein.\" Developed with Red Inc: Alfred Perlstein <alfred@FreeBSD.org>
4a9148abdSDoug Rabson.\"
5a9148abdSDoug Rabson.\" Redistribution and use in source and binary forms, with or without
6a9148abdSDoug Rabson.\" modification, are permitted provided that the following conditions
7a9148abdSDoug Rabson.\" are met:
8a9148abdSDoug Rabson.\" 1. Redistributions of source code must retain the above copyright
9a9148abdSDoug Rabson.\"    notice, this list of conditions and the following disclaimer.
10a9148abdSDoug Rabson.\" 2. Redistributions in binary form must reproduce the above copyright
11a9148abdSDoug Rabson.\"    notice, this list of conditions and the following disclaimer in the
12a9148abdSDoug Rabson.\"    documentation and/or other materials provided with the distribution.
13a9148abdSDoug Rabson.\"
14a9148abdSDoug Rabson.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15a9148abdSDoug Rabson.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16a9148abdSDoug Rabson.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17a9148abdSDoug Rabson.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18a9148abdSDoug Rabson.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19a9148abdSDoug Rabson.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20a9148abdSDoug Rabson.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21a9148abdSDoug Rabson.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22a9148abdSDoug Rabson.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23a9148abdSDoug Rabson.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24a9148abdSDoug Rabson.\" SUCH DAMAGE.
25a9148abdSDoug Rabson.\"
26a9148abdSDoug Rabson.\" $FreeBSD$
27a9148abdSDoug Rabson.\"
28*e8ab2920SBenjamin Kaduk.Dd December 30, 2012
29a9148abdSDoug Rabson.Dt GSSD 8
30a9148abdSDoug Rabson.Os
31a9148abdSDoug Rabson.Sh NAME
32a9148abdSDoug Rabson.Nm gssd
33a9148abdSDoug Rabson.Nd "Generic Security Services Daemon"
34a9148abdSDoug Rabson.Sh SYNOPSIS
35a9148abdSDoug Rabson.Nm
36a9148abdSDoug Rabson.Op Fl d
3709e3247eSRick Macklem.Op Fl s Ar dir-list
3809e3247eSRick Macklem.Op Fl c Ar file-substring
3909e3247eSRick Macklem.Op Fl r Ar preferred-realm
40a9148abdSDoug Rabson.Sh DESCRIPTION
41a9148abdSDoug RabsonThe
42a9148abdSDoug Rabson.Nm
43a9148abdSDoug Rabsonprogram provides support for the kernel GSS-API implementation.
44a9148abdSDoug Rabson.Pp
45a9148abdSDoug RabsonThe options are as follows:
46e1656a88SJoel Dahl.Bl -tag -width indent
47a9148abdSDoug Rabson.It Fl d
48a9148abdSDoug RabsonRun in debug mode.
49a9148abdSDoug RabsonIn this mode,
50a9148abdSDoug Rabson.Nm
51831cbaf1SGiorgos Keramidaswill not fork when it starts.
5209e3247eSRick Macklem.It Fl s Ar dir-list
5309e3247eSRick MacklemLook for an appropriate credential cache file in this list of directories.
5409e3247eSRick MacklemThe list should be full pathnames from root, separated by ':' characters.
5509e3247eSRick MacklemUsually this list will simply be "/tmp".
56*e8ab2920SBenjamin KadukWithout this option,
5709e3247eSRick Macklem.Nm
58*e8ab2920SBenjamin Kadukassumes that the credential cache file is called /tmp/krb5cc_<uid>,
5909e3247eSRick Macklemwhere <uid> is the effective uid for the RPC caller.
6009e3247eSRick Macklem.It Fl c Ar file-substring
6109e3247eSRick MacklemSet a file-substring for the credential cache file names.
6209e3247eSRick MacklemOnly files with this substring embedded in their names will be
63*e8ab2920SBenjamin Kadukselected as candidates when
6409e3247eSRick Macklem.Fl s
6509e3247eSRick Macklemhas been specified.
6609e3247eSRick MacklemIf not specified, it defaults to "krb5cc_".
6709e3247eSRick Macklem.It Fl r Ar preferred-realm
68*e8ab2920SBenjamin KadukUse Kerberos credentials for this realm when searching for
69*e8ab2920SBenjamin Kadukcredentials in directories specified with
70*e8ab2920SBenjamin Kaduk.Fl s .
71*e8ab2920SBenjamin KadukIf not specified, the default Kerberos realm will be used.
72a9148abdSDoug Rabson.El
73a9148abdSDoug Rabson.Sh FILES
74a9148abdSDoug Rabson.Bl -tag -width ".Pa /etc/krb5.keytab" -compact
75a9148abdSDoug Rabson.It Pa /etc/krb5.keytab
76a9148abdSDoug RabsonContains Kerberos service principals which may be used as credentials
77a9148abdSDoug Rabsonby kernel GSS-API services.
78a9148abdSDoug Rabson.El
79a9148abdSDoug Rabson.Sh EXIT STATUS
80a9148abdSDoug Rabson.Ex -std
81a9148abdSDoug Rabson.Sh SEE ALSO
82a9148abdSDoug Rabson.Xr gssapi 3
83a9148abdSDoug Rabson.Sh HISTORY
84a9148abdSDoug RabsonThe
85a9148abdSDoug Rabson.Nm
86831cbaf1SGiorgos Keramidasmanual page first appeared in
87a9148abdSDoug Rabson.Fx 8.0 .
88a9148abdSDoug Rabson.Sh AUTHORS
89a9148abdSDoug RabsonThis
90a9148abdSDoug Rabsonmanual page was written by
91a9148abdSDoug Rabson.An Doug Rabson Aq dfr@FreeBSD.org .
92