sserver(8) MIT Kerberos sserver(8)
NAME
sserver - sample Kerberos version 5 server
SYNOPSIS
sserver [ -p port ] [ -S keytab ] [ server_port ]
DESCRIPTION
sserver and sclient(1) are a simple demonstration client/server appli-
cation. When sclient connects to sserver, it performs a Kerberos
authentication, and then sserver returns to sclient the Kerberos prin-
cipal which was used for the Kerberos authentication. It makes a good
test that Kerberos has been successfully installed on a machine.
The service name used by sserver and sclient is sample. Hence, sserver
will require that there be a keytab entry for the service sample/host-
name.domain.name@REALM.NAME. This keytab is generated using the kad-
min(1) program. The keytab file is usually installed as
FILE:/etc/krb5.keytab.
The -S option allows for a different keytab than the default.
sserver is normally invoked out of inetd(8), using a line in
/etc/inetd.conf that looks like this:
sample stream tcp nowait root /usr/local/sbin/sserver sserver
Since sample is normally not a port defined in /etc/services, you will
usually have to add a line to /etc/services which looks like this:
sample 13135/tcp
When using sclient, you will first have to have an entry in the Ker-
beros database, by using kadmin(1), and then you have to get Kerberos
tickets, by using kinit(1). Also, if you are running the sclient pro-
gram on a different host than the sserver it will be connecting to, be
sure that both hosts have an entry in /etc/services for the sample tcp
port, and that the same port number is in both files.
When you run sclient you should see something like this:
sendauth succeeded, reply is:
reply len 32, contents:
You are nlgilman@JIMI.MIT.EDU
COMMON ERROR MESSAGES
1. kinit returns the error:
kinit: Client not found in Kerberos database while getting
initial credentials
This means that you didn't create an entry for your username in the
Kerberos database.
2. sclient returns the error:
unknown service sample/tcp; check /etc/services
This means that you don't have an entry in /etc/services for the
sample tcp port.
3. sclient returns the error:
connect: Connection refused
This probably means you didn't edit /etc/inetd.conf correctly, or
you didn't restart inetd after editing inetd.conf.
4. sclient returns the error:
sclient: Server not found in Kerberos database while using
sendauth
This means that the sample/hostname@LOCAL.REALM service was not
defined in the Kerberos database; it should be created using kad-
min(1), and a keytab file needs to be generated to make the key for
that service principal available for sclient.
5. sclient returns the error:
sendauth rejected, error reply is:
"No such file or directory"
This probably means sserver couldn't find the keytab file. It was
probably not installed in the proper directory.
ENVIRONMENT
See kerberos(7) for a description of Kerberos environment variables.
SEE ALSO
sclient(1), kerberos(7), services(5), inetd(8)
AUTHOR
MIT
COPYRIGHT
1985-2018, MIT
1.16.2 sserver(8)
kerberos5 1.16.2 - Generated Mon Nov 12 16:20:41 CST 2018