- mechanism and QOP files
The /etc/gss/mech and /etc/gss/qop files contain tables showing installed security mechanisms and the Quality of Protection (QOP) associated with them, respectively. As security mechanisms are installed on the system, entries are added to these two files. Contents of these files may be accessed either manually or programmatically. For example, manually with cat(1) or more(1), or programmatically with either rpc_gss_get_mechanisms(3NSL) or rpc_gss_get_mech_info(3NSL).
The order of entries in the /etc/gss/mech file is significant: the order should be from the most preferred to the least preferred mechanisms.
The /etc/gss/mech file contains five fields:
ASCII string representing the mechanism.
RPC OID for this mechanism.
Shared library which implements the services provided by this mechanism.
Kernel module which implements the services provided by this mechanism.
Optional parameters that are interpreted by the individual mechanism with which they are associated. Specific supported options are described in the documentation for the individual mechanism, if any. Not all mechanisms have support for optional parameters. library options must be enclosed in brackets ([ ]) so they may be differentiated from the optional kernel module entries.
The /etc/gss/qop file contains three fields:
Name, in ASCII, of this Quality of Protection.
Numeric value by which RPC identifies this QOP.
ASCII string representing the mechanism with which this QOP is associated.
Example 1 A Typical Entry in /etc/gss/mech
This is a typical entry in a /etc/gss/mech file:
kerberosv5 1.2.840.1135220.127.116.11 mech_krb5.so kmech_krb5
Example 2 A Typical Entry in /etc/gss/qop
This is a typical entry in a /etc/gss/qop file:
GSS_KRB5_CONF_C_QOP_DES 0 kerberosv5