gssd Daemon

Purpose

Services kernel requests for GSS operations.

Syntax

/usr/sbin/gssd

Description

Some NFS security methods, such as Kerberos 5, are provided under a more general mechanism called General Security Services, or GSS. In AIX®, GSS services are provided by a library in the IBM® Network Authentication Service (NAS) fileset. NAS is shipped on the expansion pack. The gssd daemon makes these GSS services available to the NFS server kernel code. If the gssd daemon is not running, then efforts to access files via NFS using GSS security methods such as Kerberos 5 will fail. The gssd daemon registers using RPC program number 400234.

The gssd daemon is started and stopped with the following System Resource Controller (SRC) commands:

startsrc -s gssd  
stopsrc -s gssd

Files

Item	Description
/etc/nfs/hostkey	Specifies keytab file location and host principal in the following format: `path to keytab file host principal`
/etc/nfs/princmap	Specifies mappings to host principals in the following format: `principal1 alias1 alias2 alias3 principal2 alias1` The aliases can be IP addresses or hostnames; the principal must match the host key maintained by kerberos.