1 .TH "SSERVER" "8" " " "0.0.1" "MIT Kerberos"
3 sserver \- sample Kerberos version 5 server
5 .nr rst2man-indent-level 0
9 level \\n[rst2man-indent-level]
10 level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
17 .\" .rstReportMargin pre:
19 . nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
20 . nr rst2man-indent-level +1
21 .\" .rstReportMargin post:
25 .\" indent \\n[an-margin]
26 .\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
27 .nr rst2man-indent-level -1
28 .\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
29 .in \\n[rst2man-indent\\n[rst2man-indent-level]]u
31 .\" Man page generated from reStructeredText.
36 [ \fB\-p\fP \fIport\fP ]
37 [ \fB\-S\fP \fIkeytab\fP ]
41 sserver and \fIsclient(1)\fP are a simple demonstration client/server
42 application. When sclient connects to sserver, it performs a Kerberos
43 authentication, and then sserver returns to sclient the Kerberos
44 principal which was used for the Kerberos authentication. It makes a
45 good test that Kerberos has been successfully installed on a machine.
47 The service name used by sserver and sclient is sample. Hence,
48 sserver will require that there be a keytab entry for the service
49 \fBsample/hostname.domain.name@REALM.NAME\fP. This keytab is generated
50 using the \fIkadmin(1)\fP program. The keytab file is usually
51 installed as \fB/etc/krb5.keytab\fP.
53 The \fB\-S\fP option allows for a different keytab than the default.
55 sserver is normally invoked out of inetd(8), using a line in
56 \fB/etc/inetd.conf\fP that looks like this:
62 sample stream tcp nowait root /usr/local/sbin/sserver sserver
68 Since \fBsample\fP is normally not a port defined in \fB/etc/services\fP,
69 you will usually have to add a line to \fB/etc/services\fP which looks
82 When using sclient, you will first have to have an entry in the
83 Kerberos database, by using \fIkadmin(1)\fP, and then you have to get
84 Kerberos tickets, by using \fIkinit(1)\fP. Also, if you are running
85 the sclient program on a different host than the sserver it will be
86 connecting to, be sure that both hosts have an entry in /etc/services
87 for the sample tcp port, and that the same port number is in both
90 When you run sclient you should see something like this:
96 sendauth succeeded, reply is:
97 reply len 32, contents:
98 You are nlgilman@JIMI.MIT.EDU
103 .SH COMMON ERROR MESSAGES
107 kinit returns the error:
113 kinit: Client not found in Kerberos database while getting
120 This means that you didn\(aqt create an entry for your username in the
124 sclient returns the error:
130 unknown service sample/tcp; check /etc/services
136 This means that you don\(aqt have an entry in /etc/services for the
140 sclient returns the error:
146 connect: Connection refused
152 This probably means you didn\(aqt edit /etc/inetd.conf correctly, or
153 you didn\(aqt restart inetd after editing inetd.conf.
156 sclient returns the error:
162 sclient: Server not found in Kerberos database while using
169 This means that the \fBsample/hostname@LOCAL.REALM\fP service was not
170 defined in the Kerberos database; it should be created using
171 \fIkadmin(1)\fP, and a keytab file needs to be generated to make
172 the key for that service principal available for sclient.
175 sclient returns the error:
181 sendauth rejected, error reply is:
182 "No such file or directory"
188 This probably means sserver couldn\(aqt find the keytab file. It was
189 probably not installed in the proper directory.
193 \fIsclient(1)\fP, services(5), inetd(8)
198 .\" Generated by docutils manpage writer.