GSSAPI mechanism modules
~~~~~~~~~~~~~~~~~~~~~~~~
-GSSAPI mechanism module are registered using the file
-``/etc/gss/mech``. Each line in this file has the form::
+GSSAPI mechanism modules are registered using the file
+``/etc/gss/mech`` or configuration files in the ``/etc/gss/mech.d/``
+directory. Only files with a ``.conf`` suffix will be read from the
+``/etc/gss/mech.d/`` directory. Each line in these files has the
+form::
oid pathname [options] <type>
A mechanism module is a Unix shared object or Windows DLL, built
separately from the krb5 tree. Modules are loaded according to the
-``/etc/gss/mech`` config file, as described in
-:ref:`gssapi_plugin_config`.
+``/etc/gss/mech`` or ``/etc/gss/mech.d/*.conf`` config files, as
+described in :ref:`gssapi_plugin_config`.
For the most part, a GSSAPI mechanism module exports the same
functions as would a GSSAPI implementation itself, with the same
gss_OID_set gss_mech_interposer(gss_OID mech_type);
This function is invoked with the OID of the interposer mechanism as
-specified in ``/etc/gss/mech``, and returns a set of mechanism OIDs to
-be interposed. The returned OID set must have been created using the
-mechglue's gss_create_empty_oid_set and gss_add_oid_set_member
-functions.
+specified in ``/etc/gss/mech`` or in a ``/etc/gss/mech.d/*.conf``
+file, and returns a set of mechanism OIDs to be interposed. The
+returned OID set must have been created using the mechglue's
+gss_create_empty_oid_set and gss_add_oid_set_member functions.
An interposer module must use the prefix ``gssi_`` for the GSSAPI
functions it exports, instead of the prefix ``gss_``.
projects / thirdparty / krb5.git / commitdiff
