A comma-separated list of Kerberos GSS principals that have authorization for the functions included in this role. You can include Wildcard values in the GSS principal names.

The Kerberos principal name consists of:

To use GSS principals for permissions, you must set up Kerberos/GSS in your system (for example, you must set CommsEncryptionType to GSS).

You define the permissions that a particular role has by using StandardRoles, or by specifying the Actions and ServiceActions that you want the role to be able to use. You define the users that belong to a particular role by using Clients, GSSPrincipals, and SSLIdentities. If a connection matches one of the allowed clients, principals, or SSL identities, they have permission to perform the operations allowed by the role.

Type: String
Required: No
Configuration Section: MyAuthorizationRole
Example: GSSPrincipals=IDOL01/,IDOL02/
See Also: Clients