O'Reilly logo

Kerberos: The Definitive Guide by Jason Garman

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Debugging Tools

The MIT Kerberos distribution includes a small sample Kerberized client/server application. These example applications are located in the src/appl/sample subdirectory of the MIT Kerberos 5 distribution.

Just like any other Kerberized server, the sample server requires a service principal and access to the secret key associated with that principal through a keytab file. By default, the sample server uses a principal name of “sample,” with an instance of the hostname that it is running on. If you’re having trouble with a particular service principal, the sample server and client can use any principal name to communicate with each other, given the sample server has read access to the service’s keytab file.

The command-line arguments accepted by the sample server are:

> ./sserver -h
usage: ./sserver [-p port] [-s service] [-S keytab]

The -p argument specifies what TCP port that the server will listen on for client requests. If this argument isn’t specified, then sserver will immediately exit. The -s option can be used to specify a particular service principal (instead of the default, “sample”). For example, the host principal can be specified by -s host. Finally, the -S option specifies a keytab file in which the server can find the secret key for the service principal. By default, sserver will use /etc/krb5.keytab.

Ensure that a valid keytab entry for the principal you’re using to test exists in a keytab file and is readable by the user you’re starting sserver as. Note ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required