xref: /titanic_41/usr/src/man/man1m/gssd.1m (revision 7535ae1914017b0e648abd7a139aca709fa82be3)
te
Copyright (c) 2004, Sun Microsystems, Inc. All Rights Reserved
The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
GSSD 1M "Apr 25, 2007"
NAME
gssd - generates and validates GSS-API tokens for kernel RPC
SYNOPSIS

/usr/lib/gss/gssd
DESCRIPTION

gssd is the user mode daemon that operates between the kernel rpc and the Generic Security Service Application Program Interface (GSS-API) to generate and validate GSS-API security tokens. In addition, gssd maps the GSS-API principal names to the local user and group ids. By default, all groups that the requested user belongs to will be included in the grouplist credential. gssd is invoked by the Internet daemon inetd(1m) the first time that the kernel RPC requests GSS-API services.

EXIT STATUS

The following exit values are returned: 0

Successful completion.

>0

An error occurred.

ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE ATTRIBUTE VALUE
Interface Stability Evolving
SEE ALSO

kill(1), pkill(1), svcs(1), inetadm(1M), inetd(1M), gsscred(1M), svcadm(1M), gsscred.conf(4), resolv.conf(4), attributes(5), smf(5)

RFC 2078

NOTES

The following signal has the specified effect when sent to the server process using the kill(1) command: SIGHUP

gssd rereads the gsscred.conf(4) options.

When one of the mechanisms being used is Kerberos, then the gssd process must be restarted after adding or changing the resolv.conf(4) file.

The gssd service is managed by the service management facility, smf(5), under the service identifier:

svc:/network/rpc/gss:default

Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). Responsibility for initiating and restarting this service is delegated to inetd(1M). Use inetadm(1M) to make configuration changes and to view configuration information for this service. The service's status can be queried using the svcs(1) command.