ss5.gss(5)ss5.gss(5)NAME
ss5.gss - Enable GSS Kerberos authentication, integrity and confiden‐
tiality (see RFC 1961)
SYNOPSIS
ss5 usually communicates with socks client in clear-text. If <s> method
is set in <auth> directive, ss5 establishes a common security mechanism
based on Kerberos mechanisms.
DESCRIPTION
To enable GSSAPI authentication with the ss5 daemon you must set
SS5_GSS_PRINC option in the ss5.conf file indicating your Kerberos
service principal name. Before GSSAPI authentication works, you must
install libgssapi package. In base of socks client want to do, SS5
accepts 0 (auth only), 1 (integrity) or 2 (encryption) encapsulation
values.
To add GSSAPI authentication, change the line to:
auth - - k
set SS5_GSS_PRINC option containing your Kerberos service princi‐
pal name (i.e. rcmd@fqdn if service is equivalent to "rcmd")
3. Restart the server.
SEE ALSOss5(1), ss5.conf(5), ss5.pam(5), ss5.passwd(5), ss5.ha(5), ss5srv(1),
ss5_supa(5), ss5_gss(5)AUTHOR
Matteo Ricchetti
Send comments to Matteo.Ricchetti@libero.it
22 Feb 2009 ss5.gss(5)