aboutsummaryrefslogtreecommitdiff
path: root/doc/admin/admin_commands/sserver.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/admin/admin_commands/sserver.rst')
-rw-r--r--doc/admin/admin_commands/sserver.rst105
1 files changed, 105 insertions, 0 deletions
diff --git a/doc/admin/admin_commands/sserver.rst b/doc/admin/admin_commands/sserver.rst
new file mode 100644
index 000000000000..b4e464466727
--- /dev/null
+++ b/doc/admin/admin_commands/sserver.rst
@@ -0,0 +1,105 @@
+.. _sserver(8):
+
+sserver
+=======
+
+SYNOPSIS
+--------
+
+**sserver**
+[ **-p** *port* ]
+[ **-S** *keytab* ]
+[ *server_port* ]
+
+
+DESCRIPTION
+-----------
+
+sserver and :ref:`sclient(1)` are a simple demonstration client/server
+application. When sclient connects to sserver, it performs a Kerberos
+authentication, and then sserver returns to sclient the Kerberos
+principal which was used for the Kerberos authentication. It makes a
+good test that Kerberos has been successfully installed on a machine.
+
+The service name used by sserver and sclient is sample. Hence,
+sserver will require that there be a keytab entry for the service
+``sample/hostname.domain.name@REALM.NAME``. This keytab is generated
+using the :ref:`kadmin(1)` program. The keytab file is usually
+installed as |keytab|.
+
+The **-S** option allows for a different keytab than the default.
+
+sserver is normally invoked out of inetd(8), using a line in
+``/etc/inetd.conf`` that looks like this::
+
+ sample stream tcp nowait root /usr/local/sbin/sserver sserver
+
+Since ``sample`` is normally not a port defined in ``/etc/services``,
+you will usually have to add a line to ``/etc/services`` which looks
+like this::
+
+ sample 13135/tcp
+
+When using sclient, you will first have to have an entry in the
+Kerberos database, by using :ref:`kadmin(1)`, and then you have to get
+Kerberos tickets, by using :ref:`kinit(1)`. Also, if you are running
+the sclient program on a different host than the sserver it will be
+connecting to, be sure that both hosts have an entry in /etc/services
+for the sample tcp port, and that the same port number is in both
+files.
+
+When you run sclient you should see something like this::
+
+ sendauth succeeded, reply is:
+ reply len 32, contents:
+ You are nlgilman@JIMI.MIT.EDU
+
+
+COMMON ERROR MESSAGES
+---------------------
+
+1) kinit returns the error::
+
+ kinit: Client not found in Kerberos database while getting
+ initial credentials
+
+ This means that you didn't create an entry for your username in the
+ Kerberos database.
+
+2) sclient returns the error::
+
+ unknown service sample/tcp; check /etc/services
+
+ This means that you don't have an entry in /etc/services for the
+ sample tcp port.
+
+3) sclient returns the error::
+
+ connect: Connection refused
+
+ This probably means you didn't edit /etc/inetd.conf correctly, or
+ you didn't restart inetd after editing inetd.conf.
+
+4) sclient returns the error::
+
+ sclient: Server not found in Kerberos database while using
+ sendauth
+
+ This means that the ``sample/hostname@LOCAL.REALM`` service was not
+ defined in the Kerberos database; it should be created using
+ :ref:`kadmin(1)`, and a keytab file needs to be generated to make
+ the key for that service principal available for sclient.
+
+5) sclient returns the error::
+
+ sendauth rejected, error reply is:
+ "No such file or directory"
+
+ This probably means sserver couldn't find the keytab file. It was
+ probably not installed in the proper directory.
+
+
+SEE ALSO
+--------
+
+:ref:`sclient(1)`, services(5), inetd(8)
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 18:00:20 +0000