FreeBSD Manual Pages
SSERVER(8) MIT Kerberos SSERVER(8) NAME sserver - sample Kerberos version 5 server SYNOPSIS sserver [ -p port ] [ -S keytab ] [ server_port ] DESCRIPTION sserver and sclient(1) are a simple demonstration client/server appli- cation. When sclient connects to sserver, it performs a Kerberos au- thentication, and then sserver returns to sclient the Kerberos princi- pal which was used for the Kerberos authentication. It makes a good test that Kerberos has been successfully installed on a machine. The service name used by sserver and sclient is sample. Hence, sserver will require that there be a keytab entry for the service sample/host- name.domain.name@REALM.NAME. This keytab is generated using the kad- min(1) program. The keytab file is usually installed as FILE:/etc/krb5.keytab. The -S option allows for a different keytab than the default. sserver is normally invoked out of inetd(8), using a line in /etc/in- etd.conf that looks like this: sample stream tcp nowait root /usr/local/sbin/sserver sserver Since sample is normally not a port defined in /etc/services, you will usually have to add a line to /etc/services which looks like this: sample 13135/tcp When using sclient, you will first have to have an entry in the Ker- beros database, by using kadmin(1), and then you have to get Kerberos tickets, by using kinit(1). Also, if you are running the sclient pro- gram on a different host than the sserver it will be connecting to, be sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both files. When you run sclient you should see something like this: sendauth succeeded, reply is: reply len 32, contents: You are nlgilman@JIMI.MIT.EDU COMMON ERROR MESSAGES 1. kinit returns the error: kinit: Client not found in Kerberos database while getting initial credentials This means that you didn't create an entry for your username in the Kerberos database. 2. sclient returns the error: unknown service sample/tcp; check /etc/services This means that you don't have an entry in /etc/services for the sample tcp port. 3. sclient returns the error: connect: Connection refused This probably means you didn't edit /etc/inetd.conf correctly, or you didn't restart inetd after editing inetd.conf. 4. sclient returns the error: sclient: Server not found in Kerberos database while using sendauth This means that the sample/hostname@LOCAL.REALM service was not de- fined in the Kerberos database; it should be created using kad- min(1), and a keytab file needs to be generated to make the key for that service principal available for sclient. 5. sclient returns the error: sendauth rejected, error reply is: "No such file or directory" This probably means sserver couldn't find the keytab file. It was probably not installed in the proper directory. ENVIRONMENT See kerberos(7) for a description of Kerberos environment variables. SEE ALSO sclient(1), kerberos(7), services(5), inetd(8) AUTHOR MIT COPYRIGHT 1985-2024, MIT 1.22 SSERVER(8)
NAME | SYNOPSIS | DESCRIPTION | COMMON ERROR MESSAGES | ENVIRONMENT | SEE ALSO | AUTHOR | COPYRIGHT
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=sserver&sektion=8&manpath=FreeBSD+Ports+14.3.quarterly>
