GSSPROXY-MECH(8) GssProxy GSSAPI mechanism manu GSSPROXY-MECH(8)NAME
gssproxy-mech - GssProxy GSSAPI mechanism plugin
SYNOPSIS
proxymech_v1 2.16.840.1.113730.3.8.15.1 /usr/lib64/gssproxy/proxymech.so [options]
DESCRIPTION
The gssproxy proxymech module is a interposer plugin that is loaded by GSSAPI. It is enabled by /etc/gss/mech configuration file.
The interposer plugin allows to intercept the entire GSSAPI communication and detour to the gssproxy daemon. When the interposer plugin is
installed two other conditions need to be met in order to activate it:
a) interposer configuration file
The plugin needs to be manually enabled in the /etc/gss/mech file.
b) gssproxy environment variable
The interposer plugin will not forward to the gssproxy daemon unless the environment variable named GSS_USE_PROXY=yes is set.
Furthermore, the interposer plugin can be configured to behave in different ways when called from the GSSAPI. This behavior is controlled
via the GSSPROXY_BEHAVIOR environment variable. It accepts four different values:
LOCAL_ONLY
All commands received with this setting will cause to immediately reenter the GSSAPI w/o any interaction with the gssproxy daemon. When
the request cannot be processed it will just fail.
LOCAL_FIRST
All commands received with this setting will cause to immediately reenter the GSSAPI. When the local GSSAPI cannot process the request,
it will resend the request to the gssproxy daemon.
REMOTE_FIRST
All commands received with this setting will be forwarded to the gssproxy daemon first. If the request cannot be handled there, the
request will reenter the local GSSAPI.
REMOTE_ONLY
This setting is currently not fully implemented and therefor not supported.
The default setting for GSSPROXY_BEHAVIOR is REMOTE_FIRST.
Finally the interposer may need to use a special per-service socket in order to communicate with gssproxy. The path to this socket is set
via the GSSPROXY_SOCKET environment variable.
SEE ALSO gssproxy.conf(5) and gssproxy(8).
AUTHORS
GSS-Proxy - http://fedorahosted.org/gss-proxy
GSS Proxy 06/10/2014 GSSPROXY-MECH(8)
Check Out this Related Man Page
GSSAPI::Status(3) User Contributed Perl Documentation GSSAPI::Status(3)NAME
GSSAPI::Status - methods for handlings GSSAPI statuses
SYNOPSIS
use GSSAPI;
$status = GSSAPI::Status->new(GSS_S_COMPLETE, 0);
if (GSS_ERROR($status->major)) {
die "a horrible death";
}
if (! $status) { # another way of writing the above
die "a horrible death";
}
$status = $some_GSSAPI->someop($args1, etc);
if ($status) {
foreach ($status->generic_message, $status->specific_message) {
print "GSSAPI error: $_
";
}
die "help me";
}
DESCRIPTION
"GSSAPI::Status" objects are returned by most other GSSAPI operations. Such statuses consist of a GSSAPI generic code and, for most
operations, a mechanism specific code. These numeric codes can be accessed via the methods "major" and "minor". The standard textual
messages that go with the current status can be obtained via the "generic_message" and "specific_message" methods. Each of these returns a
list of text which should presumably be displayed in order.
The generic code part of a GSSAPI::Status is composed of three subfields that can be accessed with the "GSS_CALLING_ERROR",
"GSS_ROUTINE_ERROR", and "GSS_SUPPLEMENTARY_INFO" functions. The returned values can be compared against the constants whose names start
with "GSS_S_" if your code wants to handle particular errors itself. The "GSS_ERROR" function returns true if and only if the given
generic code contains neither a calling error nor a routine error.
When evaluated in a boolean context, a "GSSAPI::Status" object will be true if and only if the major status code is "GSS_S_COMPLETE".
When evaluated in a string contect, a "GSSAPI::Status" object will return the generic and specific messages all joined together with
newlines. This may or may not make "die $status" work usefully.
BUGS
The base objects are currently implmented as a blessed C structure containing the major and minor status codes. It should probably be a
blessed array or hash instead, thereby cutting down on the amount of C code involved and making it more flexible.
AUTHOR
Philip Guenther <pguen@cpan.org>
SEE ALSO perl(1) RFC2743
perl v5.18.2 2008-02-02 GSSAPI::Status(3)