FreeBSD manual
download PDF document: gssd.8.pdf
GSSD(8) FreeBSD System Manager's Manual GSSD(8)
NAME
gssd - Generic Security Services Daemon
SYNOPSIS
gssd [-d] [-h] [-v] [-s dir-list] [-c file-substring]
[-r preferred-realm]
DESCRIPTION
The gssd program provides support for the kernel GSS-API implementation.
The options are as follows:
-d Run in debug mode. In this mode, gssd will not fork when it
starts.
-h Enable support for host-based initiator credentials. This
permits a kerberized NFS mount to use a service principal in the
default Kerberos 5 keytab file for access. Such access is
enabled via the gssname option for the mount_nfs(8) command.
-v Run in verbose mode. In this mode, gssd will log activity
messages to syslog using LOG_INFO | LOG_DAEMON or to stderr, if
the -d option has also been specified. The minor status is
logged as a decimal number, since it is actually a Kerberos
return status, which is signed.
-s dir-list
Look for an appropriate credential cache file in this list of
directories. The list should be full pathnames from root,
separated by ':' characters. Usually this list will simply be
"/tmp". Without this option, gssd assumes that the credential
cache file is called /tmp/krb5cc_<uid>, where <uid> is the
effective uid for the RPC caller.
-c file-substring
Set a file-substring for the credential cache file names. Only
files with this substring embedded in their names will be
selected as candidates when -s has been specified. If not
specified, it defaults to "krb5cc_".
-r preferred-realm
Use Kerberos credentials for this realm when searching for
credentials in directories specified with -s. If not specified,
the default Kerberos realm will be used.
FILES
/etc/krb5.keytab Contains Kerberos service principals which may be used
as credentials by kernel GSS-API services.
EXIT STATUS
The gssd utility exits 0 on success, and >0 if an error occurs.
SEE ALSO
gssapi(3), syslog(3), mount_nfs(8)
HISTORY
The gssd manual page first appeared in FreeBSD 8.0.