1*7f2fe78bSCy Schubert.. _sserver(8): 2*7f2fe78bSCy Schubert 3*7f2fe78bSCy Schubertsserver 4*7f2fe78bSCy Schubert======= 5*7f2fe78bSCy Schubert 6*7f2fe78bSCy SchubertSYNOPSIS 7*7f2fe78bSCy Schubert-------- 8*7f2fe78bSCy Schubert 9*7f2fe78bSCy Schubert**sserver** 10*7f2fe78bSCy Schubert[ **-p** *port* ] 11*7f2fe78bSCy Schubert[ **-S** *keytab* ] 12*7f2fe78bSCy Schubert[ *server_port* ] 13*7f2fe78bSCy Schubert 14*7f2fe78bSCy Schubert 15*7f2fe78bSCy SchubertDESCRIPTION 16*7f2fe78bSCy Schubert----------- 17*7f2fe78bSCy Schubert 18*7f2fe78bSCy Schubertsserver and :ref:`sclient(1)` are a simple demonstration client/server 19*7f2fe78bSCy Schubertapplication. When sclient connects to sserver, it performs a Kerberos 20*7f2fe78bSCy Schubertauthentication, and then sserver returns to sclient the Kerberos 21*7f2fe78bSCy Schubertprincipal which was used for the Kerberos authentication. It makes a 22*7f2fe78bSCy Schubertgood test that Kerberos has been successfully installed on a machine. 23*7f2fe78bSCy Schubert 24*7f2fe78bSCy SchubertThe service name used by sserver and sclient is sample. Hence, 25*7f2fe78bSCy Schubertsserver will require that there be a keytab entry for the service 26*7f2fe78bSCy Schubert``sample/hostname.domain.name@REALM.NAME``. This keytab is generated 27*7f2fe78bSCy Schubertusing the :ref:`kadmin(1)` program. The keytab file is usually 28*7f2fe78bSCy Schubertinstalled as |keytab|. 29*7f2fe78bSCy Schubert 30*7f2fe78bSCy SchubertThe **-S** option allows for a different keytab than the default. 31*7f2fe78bSCy Schubert 32*7f2fe78bSCy Schubertsserver is normally invoked out of inetd(8), using a line in 33*7f2fe78bSCy Schubert``/etc/inetd.conf`` that looks like this:: 34*7f2fe78bSCy Schubert 35*7f2fe78bSCy Schubert sample stream tcp nowait root /usr/local/sbin/sserver sserver 36*7f2fe78bSCy Schubert 37*7f2fe78bSCy SchubertSince ``sample`` is normally not a port defined in ``/etc/services``, 38*7f2fe78bSCy Schubertyou will usually have to add a line to ``/etc/services`` which looks 39*7f2fe78bSCy Schubertlike this:: 40*7f2fe78bSCy Schubert 41*7f2fe78bSCy Schubert sample 13135/tcp 42*7f2fe78bSCy Schubert 43*7f2fe78bSCy SchubertWhen using sclient, you will first have to have an entry in the 44*7f2fe78bSCy SchubertKerberos database, by using :ref:`kadmin(1)`, and then you have to get 45*7f2fe78bSCy SchubertKerberos tickets, by using :ref:`kinit(1)`. Also, if you are running 46*7f2fe78bSCy Schubertthe sclient program on a different host than the sserver it will be 47*7f2fe78bSCy Schubertconnecting to, be sure that both hosts have an entry in /etc/services 48*7f2fe78bSCy Schubertfor the sample tcp port, and that the same port number is in both 49*7f2fe78bSCy Schubertfiles. 50*7f2fe78bSCy Schubert 51*7f2fe78bSCy SchubertWhen you run sclient you should see something like this:: 52*7f2fe78bSCy Schubert 53*7f2fe78bSCy Schubert sendauth succeeded, reply is: 54*7f2fe78bSCy Schubert reply len 32, contents: 55*7f2fe78bSCy Schubert You are nlgilman@JIMI.MIT.EDU 56*7f2fe78bSCy Schubert 57*7f2fe78bSCy Schubert 58*7f2fe78bSCy SchubertCOMMON ERROR MESSAGES 59*7f2fe78bSCy Schubert--------------------- 60*7f2fe78bSCy Schubert 61*7f2fe78bSCy Schubert1) kinit returns the error:: 62*7f2fe78bSCy Schubert 63*7f2fe78bSCy Schubert kinit: Client not found in Kerberos database while getting 64*7f2fe78bSCy Schubert initial credentials 65*7f2fe78bSCy Schubert 66*7f2fe78bSCy Schubert This means that you didn't create an entry for your username in the 67*7f2fe78bSCy Schubert Kerberos database. 68*7f2fe78bSCy Schubert 69*7f2fe78bSCy Schubert2) sclient returns the error:: 70*7f2fe78bSCy Schubert 71*7f2fe78bSCy Schubert unknown service sample/tcp; check /etc/services 72*7f2fe78bSCy Schubert 73*7f2fe78bSCy Schubert This means that you don't have an entry in /etc/services for the 74*7f2fe78bSCy Schubert sample tcp port. 75*7f2fe78bSCy Schubert 76*7f2fe78bSCy Schubert3) sclient returns the error:: 77*7f2fe78bSCy Schubert 78*7f2fe78bSCy Schubert connect: Connection refused 79*7f2fe78bSCy Schubert 80*7f2fe78bSCy Schubert This probably means you didn't edit /etc/inetd.conf correctly, or 81*7f2fe78bSCy Schubert you didn't restart inetd after editing inetd.conf. 82*7f2fe78bSCy Schubert 83*7f2fe78bSCy Schubert4) sclient returns the error:: 84*7f2fe78bSCy Schubert 85*7f2fe78bSCy Schubert sclient: Server not found in Kerberos database while using 86*7f2fe78bSCy Schubert sendauth 87*7f2fe78bSCy Schubert 88*7f2fe78bSCy Schubert This means that the ``sample/hostname@LOCAL.REALM`` service was not 89*7f2fe78bSCy Schubert defined in the Kerberos database; it should be created using 90*7f2fe78bSCy Schubert :ref:`kadmin(1)`, and a keytab file needs to be generated to make 91*7f2fe78bSCy Schubert the key for that service principal available for sclient. 92*7f2fe78bSCy Schubert 93*7f2fe78bSCy Schubert5) sclient returns the error:: 94*7f2fe78bSCy Schubert 95*7f2fe78bSCy Schubert sendauth rejected, error reply is: 96*7f2fe78bSCy Schubert "No such file or directory" 97*7f2fe78bSCy Schubert 98*7f2fe78bSCy Schubert This probably means sserver couldn't find the keytab file. It was 99*7f2fe78bSCy Schubert probably not installed in the proper directory. 100*7f2fe78bSCy Schubert 101*7f2fe78bSCy Schubert 102*7f2fe78bSCy SchubertENVIRONMENT 103*7f2fe78bSCy Schubert----------- 104*7f2fe78bSCy Schubert 105*7f2fe78bSCy SchubertSee :ref:`kerberos(7)` for a description of Kerberos environment 106*7f2fe78bSCy Schubertvariables. 107*7f2fe78bSCy Schubert 108*7f2fe78bSCy Schubert 109*7f2fe78bSCy SchubertSEE ALSO 110*7f2fe78bSCy Schubert-------- 111*7f2fe78bSCy Schubert 112*7f2fe78bSCy Schubert:ref:`sclient(1)`, :ref:`kerberos(7)`, services(5), inetd(8) 113