Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
GSSD(8)                 FreeBSD System Manager's Manual                GSSD(8)

NAME
     gssd - Generic Security Services Daemon

SYNOPSIS
     gssd [-d] [-h] [-o] [-v] [-s dir-list] [-c file-substring]
          [-r preferred-realm]

DESCRIPTION
     The gssd program provides support for the kernel GSS-API implementation.

     The options are as follows:

     -d      Run in debug mode.  In this mode, gssd will not fork when it
             starts.

     -h      Enable support for host-based initiator credentials.  This
             permits a kerberized NFS mount to use a service principal in the
             default Kerberos 5 keytab file for access.  Such access is
             enabled via the gssname option for the mount_nfs(8) command.

     -o      Force use of DES and the associated old style GSS-API
             initialization token.  This may be required to make kerberized
             NFS mounts work against some non-FreeBSD NFS servers.

     -v      Run in verbose mode.  In this mode, gssd will log activity
             messages to syslog using LOG_INFO | LOG_DAEMON or to stderr, if
             the -d option has also been specified.  The minor status is
             logged as a decimal number, since it is actually a Kerberos
             return status, which is signed.

     -s dir-list
             Look for an appropriate credential cache file in this list of
             directories.  The list should be full pathnames from root,
             separated by ':' characters.  Usually this list will simply be
             "/tmp".  Without this option, gssd assumes that the credential
             cache file is called /tmp/krb5cc_<uid>, where <uid> is the
             effective uid for the RPC caller.

     -c file-substring
             Set a file-substring for the credential cache file names.  Only
             files with this substring embedded in their names will be
             selected as candidates when -s has been specified.  If not
             specified, it defaults to "krb5cc_".

     -r preferred-realm
             Use Kerberos credentials for this realm when searching for
             credentials in directories specified with -s.  If not specified,
             the default Kerberos realm will be used.

FILES
     /etc/krb5.keytab      Contains Kerberos service principals which may be
                           used as credentials by kernel GSS-API services.

EXIT STATUS
     The gssd utility exits 0 on success, and >0 if an error occurs.

SEE ALSO
     gssapi(3), mount_nfs(8), syslog(3)

HISTORY
     The gssd manual page first appeared in FreeBSD 8.0.

AUTHORS
     This manual page was written by Doug Rabson <dfr@FreeBSD.org>.

FreeBSD 11.0-PRERELEASE          July 7, 2013          FreeBSD 11.0-PRERELEASE

NAME | SYNOPSIS | DESCRIPTION | FILES | EXIT STATUS | SEE ALSO | HISTORY | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=gssd&sektion=8&manpath=FreeBSD+10.0-RELEASE>

home | help