1.. _sserver(8): 2 3sserver 4======= 5 6SYNOPSIS 7-------- 8 9**sserver** 10[ **-p** *port* ] 11[ **-S** *keytab* ] 12[ *server_port* ] 13 14 15DESCRIPTION 16----------- 17 18sserver and :ref:`sclient(1)` are a simple demonstration client/server 19application. When sclient connects to sserver, it performs a Kerberos 20authentication, and then sserver returns to sclient the Kerberos 21principal which was used for the Kerberos authentication. It makes a 22good test that Kerberos has been successfully installed on a machine. 23 24The service name used by sserver and sclient is sample. Hence, 25sserver will require that there be a keytab entry for the service 26``sample/hostname.domain.name@REALM.NAME``. This keytab is generated 27using the :ref:`kadmin(1)` program. The keytab file is usually 28installed as |keytab|. 29 30The **-S** option allows for a different keytab than the default. 31 32sserver is normally invoked out of inetd(8), using a line in 33``/etc/inetd.conf`` that looks like this:: 34 35 sample stream tcp nowait root /usr/local/sbin/sserver sserver 36 37Since ``sample`` is normally not a port defined in ``/etc/services``, 38you will usually have to add a line to ``/etc/services`` which looks 39like this:: 40 41 sample 13135/tcp 42 43When using sclient, you will first have to have an entry in the 44Kerberos database, by using :ref:`kadmin(1)`, and then you have to get 45Kerberos tickets, by using :ref:`kinit(1)`. Also, if you are running 46the sclient program on a different host than the sserver it will be 47connecting to, be sure that both hosts have an entry in /etc/services 48for the sample tcp port, and that the same port number is in both 49files. 50 51When you run sclient you should see something like this:: 52 53 sendauth succeeded, reply is: 54 reply len 32, contents: 55 You are nlgilman@JIMI.MIT.EDU 56 57 58COMMON ERROR MESSAGES 59--------------------- 60 611) kinit returns the error:: 62 63 kinit: Client not found in Kerberos database while getting 64 initial credentials 65 66 This means that you didn't create an entry for your username in the 67 Kerberos database. 68 692) sclient returns the error:: 70 71 unknown service sample/tcp; check /etc/services 72 73 This means that you don't have an entry in /etc/services for the 74 sample tcp port. 75 763) sclient returns the error:: 77 78 connect: Connection refused 79 80 This probably means you didn't edit /etc/inetd.conf correctly, or 81 you didn't restart inetd after editing inetd.conf. 82 834) sclient returns the error:: 84 85 sclient: Server not found in Kerberos database while using 86 sendauth 87 88 This means that the ``sample/hostname@LOCAL.REALM`` service was not 89 defined in the Kerberos database; it should be created using 90 :ref:`kadmin(1)`, and a keytab file needs to be generated to make 91 the key for that service principal available for sclient. 92 935) sclient returns the error:: 94 95 sendauth rejected, error reply is: 96 "No such file or directory" 97 98 This probably means sserver couldn't find the keytab file. It was 99 probably not installed in the proper directory. 100 101 102ENVIRONMENT 103----------- 104 105See :ref:`kerberos(7)` for a description of Kerberos environment 106variables. 107 108 109SEE ALSO 110-------- 111 112:ref:`sclient(1)`, :ref:`kerberos(7)`, services(5), inetd(8) 113