GSSD(8) FreeBSD System Manager's Manual GSSD(8)


gssdGeneric Security Services Daemon


gssd [ -d][ -h][ -o][ -v][ -s dir-list][ -c file-substring][ -r preferred-realm]


The gssd program provides support for the kernel GSS-API implementation.

The options are as follows:

Run in debug mode. In this mode, gssd will not fork when it starts.
Enable support for host-based initiator credentials. This permits a kerberized NFS mount to use a service principal in the default Kerberos 5 keytab file for access. Such access is enabled via the gssname option for the mount_nfs(8) command.
Force use of DES and the associated old style GSS-API initialization token. This may be required to make kerberized NFS mounts work against some non-FreeBSD NFS servers.
Run in verbose mode. In this mode, gssd will log activity messages to syslog using LOG_INFO | LOG_DAEMON or to stderr, if the -d option has also been specified. The minor status is logged as a decimal number, since it is actually a Kerberos return status, which is signed.
-s dir-list
Look for an appropriate credential cache file in this list of directories. The list should be full pathnames from root, separated by ':' characters. Usually this list will simply be "/tmp". Without this option, gssd assumes that the credential cache file is called /tmp/krb5cc_<uid>, where <uid> is the effective uid for the RPC caller.
-c file-substring
Set a file-substring for the credential cache file names. Only files with this substring embedded in their names will be selected as candidates when -s has been specified. If not specified, it defaults to "krb5cc_".
-r preferred-realm
Use Kerberos credentials for this realm when searching for credentials in directories specified with -s. If not specified, the default Kerberos realm will be used.


Contains Kerberos service principals which may be used as credentials by kernel GSS-API services.


The gssd utility exits 0 on success, and >0 if an error occurs.


The gssd manual page first appeared in FreeBSD 8.0.


This manual page was written by Doug Rabson <dfr@FreeBSD.org>.
July 7, 2013 FreeBSD