Diffstat (limited to 'src/appl/gss-sample/README')
-rw-r--r-- | src/appl/gss-sample/README | 39 |
1 files changed, 23 insertions, 16 deletions
diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README index a8d0afa7e2..52b1b2143e 100644 --- a/src/appl/gss-sample/README +++ b/src/appl/gss-sample/README 
@@ -41,26 +41,30 @@ interfaces. The server's command line usage is - gss-server [-port port] [-v2] service_name + gss-server [-port port] [-k keytab] service_name where service_name is a GSS-API service name of the form -"service@host". The server will accept TCP connections on port -(default 4444) and establish contexts as service_name. The -v2 option -means that the GSSAPI v2 calls should be used (and tested). - +"service@host" (or just "service", in which case the local host name +is used). The server will accept TCP connections on port (default +4444) and establish contexts as service_name. If you compile with +GSS_KRB5 defined and link against the MIT Kerberos libraries, the -k +option specifies a keytab to use instead of the default one. The client's command line usage is - gss-client [-port port] [-v2] [-d] host service_name msg + gss-client [-port port] [-d] host service_name msg where host is the host running the server, service_name is the service -name that the server will establish connections as, and msg is the -message. The client connects to the TCP on <host:port> (default 4444) -and performs the exchange. The "-d" option specifies delegation - -a forwardable TGT will be sent to the server, which will put it in -its credential cache (you must kinit -f for this to work). -The -v2 option means that the GSSAPI v2 calls should be used (and -tested). +name that the server will establish connections as (if you don't +specify the host name in the service name when running gss-server, and +it's running on a different machine from gss-client, make sure to +specify the server's host name in the service name you specify to +gss-client!) and msg is the message. The client connects to the TCP +on <host:port> (default 4444) and performs a context +establishment. The "-d" option specifies delegation - a forwardable +TGT will be sent to the server, which will put it in its credential +cache (you must kinit -f for this to work). 
The -v2 option means that +the GSSAPI v2 calls should be used (and tested). If you are using this sample application with OpenVision's Kerberos 5 GSS-API mechanism: @@ -69,9 +73,10 @@ GSS-API mechanism: -lisode -lcom_err. 2. Make sure that the principal corresponding to service_name is in -the default keytab on the server host, and that the gss-server process -can read the keytab. For example, the service name "host@server" -corresponds to the Kerberos principal "host/server.domain.com@REALM". +the default or specified keytab on the server host, and that the +gss-server process can read the keytab. For example, the service name +"host@server" corresponds to the Kerberos principal +"host/server.domain.com@REALM". This sample application uses the following GSS-API functions: @@ -85,3 +90,5 @@ This sample application uses the following GSS-API functions: Barry Jaspan, bjaspan@security.ov.com OpenVision Technologies, Inc. + +$Id$ |
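Review bot: In the first hunk's client paragraph, the added text still ends with "The -v2 option means that the GSSAPI v2 calls should be used (and tested)", although the same hunk removes [-v2] from both the gss-server and gss-client usage lines. Either drop that sentence or keep the flag in the usage line, so the README matches what the programs accept. The long parenthetical about specifying the server's host name interrupts the parameter list and would read better as its own sentence after "msg is the message". The carried-over phrase "connects to the TCP on <host:port>" is missing the word "port".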
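Review bot: Step 2 in the second hunk now says "the default or specified keytab", but the first hunk documents -k as available only when compiled with GSS_KRB5 defined and linked against the MIT Kerberos libraries, while this step sits under the instructions for OpenVision's Kerberos 5 GSS-API mechanism. State here whether -k applies to that build, or refer back to the condition, so a reader does not pass -k to a server that ignores it. Since the step already requires that the gss-server process can read the keytab, it is also worth saying that a keytab given with -k holds the service's long-term key and should be readable only by the account running gss-server, the same as the default one.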