GSSPrincipals
A comma-separated list of Kerberos GSS principals that have authorization for the functions included in this role. You can include Wildcard values in the GSS principal names.
The Kerberos principal name consists of:
- The Kerberos primary. This value might be the user name or service name (for example,
IDOL/
). - The instance name. The instance is the fully qualified host name; for example,
myserver.example.com
. This value is optional, and users do not usually have an instance. - The Kerberos realm. This value is normally the domain name in uppercase; for example,
@EXAMPLE.COM
.
To use GSS principals for permissions, you must set up Kerberos/GSS in your system (for example, you must set RequireGSSAuth).
You define the permissions that a particular role has by using StandardRoles, or by specifying the Actions
Type: | String |
Default: | |
Required: | No |
Configuration Section: | MyAuthorizationRole |
Example: | GSSPrincipals=IDOL01/admin.example.com@EXAMPLE.COM,IDOL02/userserver.example.com@EXAMPLE.COM
|
See Also: | Clients
SSLIdentities |