GSSD(8) 		  BSD System Manager's Manual		       GSSD(8)

NAME
     gssd — Generic Security Services Daemon

SYNOPSIS
     gssd [-d] [-h] [-o] [-v] [-s dir-list] [-c file-substring]
	  [-r preferred-realm]

DESCRIPTION
     The gssd program provides support for the kernel GSS-API implementation.

     The options are as follows:

     -d      Run in debug mode.  In this mode, gssd will not fork when it
	     starts.

     -h      Enable support for host-based initiator credentials.  This per‐
	     mits a kerberized NFS mount to use a service principal in the
	     default Kerberos 5 keytab file for access.  Such access is
	     enabled via the gssname option for the mount_nfs(8) command.

     -o      Force use of DES and the associated old style GSS-API initializa‐
	     tion token.  This may be required to make kerberized NFS mounts
	     work against some non-FreeBSD NFS servers.

     -v      Run in verbose mode.  In this mode, gssd will log activity mes‐
	     sages to syslog using LOG_INFO | LOG_DAEMON or to stderr, if the
	     -d option has also been specified.  The minor status is logged as
	     a decimal number, since it is actually a Kerberos return status,
	     which is signed.

     -s dir-list
	     Look for an appropriate credential cache file in this list of
	     directories.  The list should be full pathnames from root, sepa‐
	     rated by ':' characters.  Usually this list will simply be
	     "/tmp".  Without this option, gssd assumes that the credential
	     cache file is called /tmp/krb5cc_<uid>, where <uid> is the effec‐
	     tive uid for the RPC caller.

     -c file-substring
	     Set a file-substring for the credential cache file names.	Only
	     files with this substring embedded in their names will be
	     selected as candidates when -s has been specified.  If not speci‐
	     fied, it defaults to "krb5cc_".

     -r preferred-realm
	     Use Kerberos credentials for this realm when searching for cre‐
	     dentials in directories specified with -s.  If not specified, the
	     default Kerberos realm will be used.

FILES
     /etc/krb5.keytab  Contains Kerberos service principals which may be used
		       as credentials by kernel GSS-API services.

EXIT STATUS
     The gssd utility exits 0 on success, and >0 if an error occurs.

SEE ALSO
     gssapi(3), mount_nfs(8), syslog(3)

HISTORY
     The gssd manual page first appeared in FreeBSD 8.0.

AUTHORS
     This manual page was written by Doug Rabson ⟨dfr@FreeBSD.org⟩.

BSD				 July 7, 2013				   BSD