The
gssd
program provides support for the kernel GSS-API implementation.
The options are as follows:
|
| -d
|
| |
Run in debug mode.
In this mode,
gssd
will not fork when it starts.
|
| -h
|
| |
Enable support for host-based initiator credentials.
This permits a kerberized NFS mount to use a service principal in
the default Kerberos 5 keytab file for access.
Such access is enabled via the
gssname
option for the
mount_nfs(8)
command.
|
| -v
|
| |
Run in verbose mode.
In this mode,
gssd
will log activity messages to syslog using LOG_INFO | LOG_DAEMON or to
stderr, if the
-d
option has also been specified.
The minor status is logged as a decimal number, since it is actually a
Kerberos return status, which is signed.
|
| -s dir-list
|
| |
Look for an appropriate credential cache file in this list of directories.
The list should be full pathnames from root, separated by ':' characters.
Usually this list will simply be "/tmp".
Without this option,
gssd
assumes that the credential cache file is called /tmp/krb5cc_<uid>,
where <uid> is the effective uid for the RPC caller.
|
| -c file-substring
|
| |
Set a file-substring for the credential cache file names.
Only files with this substring embedded in their names will be
selected as candidates when
-s
has been specified.
If not specified, it defaults to "krb5cc_".
|
| -r preferred-realm
|
| |
Use Kerberos credentials for this realm when searching for
credentials in directories specified with
-s.
If not specified, the default Kerberos realm will be used.
|
|
