|ss5.gss - Enable GSS Kerberos authentication, integrity and confidentiality (see RFC 1961)|
ss5 usually communicates with socks client in clear-text. If <s> method is set in <auth> directive, ss5 establishes a common security mechanism based on Kerberos mechanisms.
To enable GSSAPI authentication with the ss5 daemon you must set SS5_GSS_PRINC option in the ss5.conf file indicating your Kerberos service principal name. Before GSSAPI authentication works, you must install libgssapi package. In base of socks client want to do, SS5 accepts 0 (auth only), 1 (integrity) or 2 (encryption) encapsulation values.
To add GSSAPI authentication, change the line to:auth - - k
set SS5_GSS_PRINC option containing your Kerberos service principal name (i.e. rcmd@fqdn if service is equivalent to "rcmd")
3. Restart the server.
Send comments to Matteo.Ricchetti@libero.it
|-->||SS5.GSS (5)||22 Feb 2009|