|
Packit |
fd8b60 |
.\" Man page generated from reStructuredText.
|
|
Packit |
fd8b60 |
.
|
|
Packit |
fd8b60 |
.TH "SSERVER" "8" " " "1.18.2" "MIT Kerberos"
|
|
Packit |
fd8b60 |
.SH NAME
|
|
Packit |
fd8b60 |
sserver \- sample Kerberos version 5 server
|
|
Packit |
fd8b60 |
.
|
|
Packit |
fd8b60 |
.nr rst2man-indent-level 0
|
|
Packit |
fd8b60 |
.
|
|
Packit |
fd8b60 |
.de1 rstReportMargin
|
|
Packit |
fd8b60 |
\\$1 \\n[an-margin]
|
|
Packit |
fd8b60 |
level \\n[rst2man-indent-level]
|
|
Packit |
fd8b60 |
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
Packit |
fd8b60 |
-
|
|
Packit |
fd8b60 |
\\n[rst2man-indent0]
|
|
Packit |
fd8b60 |
\\n[rst2man-indent1]
|
|
Packit |
fd8b60 |
\\n[rst2man-indent2]
|
|
Packit |
fd8b60 |
..
|
|
Packit |
fd8b60 |
.de1 INDENT
|
|
Packit |
fd8b60 |
.\" .rstReportMargin pre:
|
|
Packit |
fd8b60 |
. RS \\$1
|
|
Packit |
fd8b60 |
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
Packit |
fd8b60 |
. nr rst2man-indent-level +1
|
|
Packit |
fd8b60 |
.\" .rstReportMargin post:
|
|
Packit |
fd8b60 |
..
|
|
Packit |
fd8b60 |
.de UNINDENT
|
|
Packit |
fd8b60 |
. RE
|
|
Packit |
fd8b60 |
.\" indent \\n[an-margin]
|
|
Packit |
fd8b60 |
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
Packit |
fd8b60 |
.nr rst2man-indent-level -1
|
|
Packit |
fd8b60 |
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
Packit |
fd8b60 |
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
Packit |
fd8b60 |
..
|
|
Packit |
fd8b60 |
.SH SYNOPSIS
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
\fBsserver\fP
|
|
Packit |
fd8b60 |
[ \fB\-p\fP \fIport\fP ]
|
|
Packit |
fd8b60 |
[ \fB\-S\fP \fIkeytab\fP ]
|
|
Packit |
fd8b60 |
[ \fIserver_port\fP ]
|
|
Packit |
fd8b60 |
.SH DESCRIPTION
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
sserver and sclient(1) are a simple demonstration client/server
|
|
Packit |
fd8b60 |
application. When sclient connects to sserver, it performs a Kerberos
|
|
Packit |
fd8b60 |
authentication, and then sserver returns to sclient the Kerberos
|
|
Packit |
fd8b60 |
principal which was used for the Kerberos authentication. It makes a
|
|
Packit |
fd8b60 |
good test that Kerberos has been successfully installed on a machine.
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
The service name used by sserver and sclient is sample. Hence,
|
|
Packit |
fd8b60 |
sserver will require that there be a keytab entry for the service
|
|
Packit |
fd8b60 |
\fBsample/hostname.domain.name@REALM.NAME\fP\&. This keytab is generated
|
|
Packit |
fd8b60 |
using the kadmin(1) program. The keytab file is usually
|
|
Packit |
fd8b60 |
installed as \fB@KTNAME@\fP\&.
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
The \fB\-S\fP option allows for a different keytab than the default.
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
sserver is normally invoked out of inetd(8), using a line in
|
|
Packit |
fd8b60 |
\fB/etc/inetd.conf\fP that looks like this:
|
|
Packit |
fd8b60 |
.INDENT 0.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
sample stream tcp nowait root /usr/local/sbin/sserver sserver
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
Since \fBsample\fP is normally not a port defined in \fB/etc/services\fP,
|
|
Packit |
fd8b60 |
you will usually have to add a line to \fB/etc/services\fP which looks
|
|
Packit |
fd8b60 |
like this:
|
|
Packit |
fd8b60 |
.INDENT 0.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
sample 13135/tcp
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
When using sclient, you will first have to have an entry in the
|
|
Packit |
fd8b60 |
Kerberos database, by using kadmin(1), and then you have to get
|
|
Packit |
fd8b60 |
Kerberos tickets, by using kinit(1)\&. Also, if you are running
|
|
Packit |
fd8b60 |
the sclient program on a different host than the sserver it will be
|
|
Packit |
fd8b60 |
connecting to, be sure that both hosts have an entry in /etc/services
|
|
Packit |
fd8b60 |
for the sample tcp port, and that the same port number is in both
|
|
Packit |
fd8b60 |
files.
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
When you run sclient you should see something like this:
|
|
Packit |
fd8b60 |
.INDENT 0.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
sendauth succeeded, reply is:
|
|
Packit |
fd8b60 |
reply len 32, contents:
|
|
Packit |
fd8b60 |
You are nlgilman@JIMI.MIT.EDU
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.SH COMMON ERROR MESSAGES
|
|
Packit |
fd8b60 |
.INDENT 0.0
|
|
Packit |
fd8b60 |
.IP 1. 3
|
|
Packit |
fd8b60 |
kinit returns the error:
|
|
Packit |
fd8b60 |
.INDENT 3.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
kinit: Client not found in Kerberos database while getting
|
|
Packit |
fd8b60 |
initial credentials
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
This means that you didn\(aqt create an entry for your username in the
|
|
Packit |
fd8b60 |
Kerberos database.
|
|
Packit |
fd8b60 |
.IP 2. 3
|
|
Packit |
fd8b60 |
sclient returns the error:
|
|
Packit |
fd8b60 |
.INDENT 3.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
unknown service sample/tcp; check /etc/services
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
This means that you don\(aqt have an entry in /etc/services for the
|
|
Packit |
fd8b60 |
sample tcp port.
|
|
Packit |
fd8b60 |
.IP 3. 3
|
|
Packit |
fd8b60 |
sclient returns the error:
|
|
Packit |
fd8b60 |
.INDENT 3.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
connect: Connection refused
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
This probably means you didn\(aqt edit /etc/inetd.conf correctly, or
|
|
Packit |
fd8b60 |
you didn\(aqt restart inetd after editing inetd.conf.
|
|
Packit |
fd8b60 |
.IP 4. 3
|
|
Packit |
fd8b60 |
sclient returns the error:
|
|
Packit |
fd8b60 |
.INDENT 3.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
sclient: Server not found in Kerberos database while using
|
|
Packit |
fd8b60 |
sendauth
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
This means that the \fBsample/hostname@LOCAL.REALM\fP service was not
|
|
Packit |
fd8b60 |
defined in the Kerberos database; it should be created using
|
|
Packit |
fd8b60 |
kadmin(1), and a keytab file needs to be generated to make
|
|
Packit |
fd8b60 |
the key for that service principal available for sclient.
|
|
Packit |
fd8b60 |
.IP 5. 3
|
|
Packit |
fd8b60 |
sclient returns the error:
|
|
Packit |
fd8b60 |
.INDENT 3.0
|
|
Packit |
fd8b60 |
.INDENT 3.5
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
.nf
|
|
Packit |
fd8b60 |
.ft C
|
|
Packit |
fd8b60 |
sendauth rejected, error reply is:
|
|
Packit |
fd8b60 |
"No such file or directory"
|
|
Packit |
fd8b60 |
.ft P
|
|
Packit |
fd8b60 |
.fi
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
This probably means sserver couldn\(aqt find the keytab file. It was
|
|
Packit |
fd8b60 |
probably not installed in the proper directory.
|
|
Packit |
fd8b60 |
.UNINDENT
|
|
Packit |
fd8b60 |
.SH ENVIRONMENT
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
See kerberos(7) for a description of Kerberos environment
|
|
Packit |
fd8b60 |
variables.
|
|
Packit |
fd8b60 |
.SH SEE ALSO
|
|
Packit |
fd8b60 |
.sp
|
|
Packit |
fd8b60 |
sclient(1), kerberos(7), services(5), inetd(8)
|
|
Packit |
fd8b60 |
.SH AUTHOR
|
|
Packit |
fd8b60 |
MIT
|
|
Packit |
fd8b60 |
.SH COPYRIGHT
|
|
Packit |
fd8b60 |
1985-2020, MIT
|
|
Packit |
fd8b60 |
.\" Generated by docutils manpage writer.
|
|
Packit |
fd8b60 |
.
|