GSS-API Proxy protocol, client and server
C Shell
Latest commit bd8ffcf Jan 4, 2014 @simo5 simo5 committed with Günther Deschner Block parent process until child is initialized.
This way the init system will not proceed starting dependencies until gssproxy
is actually ready to serve requests.
In particular this is used to make sure the nfsd proc file has been touched
before the nfsd server is started.


Signed-off-by: Simo Sorce <>
Reviewed-by: Günther Deschner <>
Failed to load latest commit information.
proxy Block parent process until child is initialized. Jan 15, 2014
NOTES add note about how to deal with ccache files Apr 5, 2012
README Add note about libverto default event library. May 31, 2012


This is the gss-proxy project.

The goal is to have a GSS-API proxy, with standardizable protocol and a
[somewhat portable] reference client and server implementation.  There
are several motivations for this some of which are:

 - Kernel-mode GSS-API applications (CIFS, NFS, AFS, ...) need to be
   able to leave all complexity of GSS_Init/Accept_sec_context() out of
   the kernel by upcalling to a daemon that does all the dirty work.

 - Isolation and privilege separation for user-mode applications.  For
   example: letting HTTP servers use but not see the keytabe entries for
   HTTP/* principals for accepting security contexts.

 - Possibly an ssh-agent-like SSH agent for GSS credentials -- a

gss-proxy uses libverto for dealing with event loops. Note that you need to
have at least one libverto event library installed (e.g. libverto-tevent).