c66e429f41
The manpage was implying it was possible to have comments at the end of configuration lines, while SSSD's ini parsing library used by gssproxy supports full line comments only. Signed-off-by: Julien Rische <jrische@redhat.com> |
||
|---|---|---|
| .github/workflows | ||
| contrib | ||
| docs | ||
| examples | ||
| external | ||
| man | ||
| po | ||
| rpcgen | ||
| src | ||
| systemd | ||
| tests | ||
| x-files | ||
| .gitignore | ||
| BUILD.txt | ||
| build_macros.m4 | ||
| conf_macros.m4 | ||
| configure.ac | ||
| COPYING | ||
| Makefile.am | ||
| NOTES | ||
| README.md | ||
| STYLE.txt | ||
| version.m4 | ||
This is the gss-proxy project.
Documentation lives in the docs folder of this repository.
The goal is to have a GSS-API proxy, with standardizable protocol and a (somewhat portable) reference client and server implementation. There are several motivations for this some of which are:
-
Kernel-mode GSS-API applications (CIFS, NFS, AFS, ...) need to be able to leave all complexity of GSS_Init/Accept_sec_context() out of the kernel by upcalling to a daemon that does all the dirty work.
-
Isolation and privilege separation for user-mode applications. For example: letting HTTP servers use but not see the keytabe entries for HTTP/* principals for accepting security contexts.
-
Possibly an ssh-agent-like SSH agent for GSS credentials -- a gss-agent.
gss-proxy uses libverto for dealing with event loops. Note that you need to have at least one libverto event library installed (e.g. libverto-tevent).
We have a mailing list and an IRC channel (#gssapi on libera.chat).