sserver man page

sserver — sample Kerberos version 5 server


sserver [ -p port ] [ -S keytab ] [ server_port ]


sserver and sclient(1) are a simple demonstration client/server application. When sclient connects to sserver, it performs a Kerberos authentication, and then sserver returns to sclient the Kerberos principal which was used for the Kerberos authentication. It makes a good test that Kerberos has been successfully installed on a machine.

The service name used by sserver and sclient is sample. Hence, sserver will require that there be a keytab entry for the service sample/hostname.domain.name@REALM.NAME. This keytab is generated using the kadmin(1) program. The keytab file is usually installed as FILE:/etc/krb5.keytab.

The -S option allows for a different keytab than the default.

sserver is normally invoked out of inetd(8), using a line in /etc/inetd.conf that looks like this:

sample stream tcp nowait root /usr/local/sbin/sserver sserver

Since sample is normally not a port defined in /etc/services, you will usually have to add a line to /etc/services which looks like this:

sample          13135/tcp

When using sclient, you will first have to have an entry in the Kerberos database, by using kadmin(1), and then you have to get Kerberos tickets, by using kinit(1). Also, if you are running the sclient program on a different host than the sserver it will be connecting to, be sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both files.

When you run sclient you should see something like this:

sendauth succeeded, reply is:
reply len 32, contents:
You are nlgilman@JIMI.MIT.EDU

Common Error Messages


kinit returns the error:

kinit: Client not found in Kerberos database while getting
       initial credentials

This means that you didn't create an entry for your username in the Kerberos database.


sclient returns the error:

unknown service sample/tcp; check /etc/services

This means that you don't have an entry in /etc/services for the sample tcp port.


sclient returns the error:

connect: Connection refused

This probably means you didn't edit /etc/inetd.conf correctly, or you didn't restart inetd after editing inetd.conf.


sclient returns the error:

sclient: Server not found in Kerberos database while using

This means that the sample/hostname@LOCAL.REALM service was not defined in the Kerberos database; it should be created using kadmin(1), and a keytab file needs to be generated to make the key for that service principal available for sclient.


sclient returns the error:

sendauth rejected, error reply is:
    "No such file or directory"

This probably means sserver couldn't find the keytab file. It was probably not installed in the proper directory.

See Also

sclient(1), services(5), inetd(8)



Referenced By


Explore man page connections for sserver(8).