Section: GssProxy GSSAPI mechanism manu (8)
gssproxy-mech - GssProxy GSSAPI mechanism plugin
proxymech_v1 2.16.840.1.113722.214.171.124.1 /usr/lib64/gssproxy/proxymech.so [options]
The gssproxy proxymech module is a interposer plugin that is loaded by GSSAPI. It is enabled by
The interposer plugin allows to intercept the entire GSSAPI communication and detour to the
daemon. When the interposer plugin is installed two other conditions need to be met in order to activate it:
a) interposer configuration file
The plugin needs to be manually enabled in the
b) gssproxy environment variable
The interposer plugin will not forward to the gssproxy daemon unless the environment variable named
Furthermore, the interposer plugin can be configured to behave in different ways when called from the GSSAPI. This behavior is controlled via the
environment variable. It accepts four different values:
All commands received with this setting will cause to immediately reenter the GSSAPI w/o any interaction with the gssproxy daemon. When the request cannot be processed it will just fail.
All commands received with this setting will cause to immediately reenter the GSSAPI. When the local GSSAPI cannot process the request, it will resend the request to the gssproxy daemon.
All commands received with this setting will be forwarded to the gssproxy daemon first. If the request cannot be handled there, the request will reenter the local GSSAPI.
This setting is currently not fully implemented and therefor not supported.
The default setting for
Finally the interposer may need to use a special per-service socket in order to communicate with gssproxy. The path to this socket is set via the
GSS-Proxy - http://fedorahosted.org/gss-proxy