this commit includes all the changes on the OV_9510_INTEGRATION and

OV_MERGE branches.  This includes, but is not limited to, the new openvision
admin system, and major changes to gssapi to add functionality, and bring
the implementation in line with rfc1964.  before committing, the
code was built and tested for netbsd and solaris.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8774 dc483132-0cff-0310-8789-dd5450dbe970

1 files changed, 23 insertions, 16 deletions

diff --git a/src/appl/gss-sample/README b/src/appl/gss-sample/README
index a8d0afa7e..52b1b2143 100644
--- a/src/appl/gss-sample/README
+++ b/src/appl/gss-sample/README
@@ -41,26 +41,30 @@ interfaces.
 
 The server's command line usage is
 
-	gss-server [-port port] [-v2] service_name
+	gss-server [-port port] [-k keytab] service_name
 
 where service_name is a GSS-API service name of the form
-"service@host".  The server will accept TCP connections on port
-(default 4444) and establish contexts as service_name.  The -v2 option
-means that the GSSAPI v2 calls should be used (and tested).
-
+"service@host" (or just "service", in which case the local host name
+is used).  The server will accept TCP connections on port (default
+4444) and establish contexts as service_name.  If you compile with
+GSS_KRB5 defined and link against the MIT Kerberos libraries, the -k
+option specifies a keytab to use instead of the default one.
 
 The client's command line usage is
 
-	gss-client [-port port] [-v2] [-d] host service_name msg
+	gss-client [-port port] [-d] host service_name msg
 
 where host is the host running the server, service_name is the service
-name that the server will establish connections as, and msg is the
-message.  The client connects to the TCP on <host:port> (default 4444)
-and performs the exchange. The "-d" option specifies delegation -
-a forwardable TGT will be sent to the server, which will put it in
-its credential cache (you must kinit -f for this to work). 
-The -v2 option means that the GSSAPI v2 calls should be used (and
-tested).
+name that the server will establish connections as (if you don't
+specify the host name in the service name when running gss-server, and
+it's running on a different machine from gss-client, make sure to
+specify the server's host name in the service name you specify to
+gss-client!) and msg is the message.  The client connects to the TCP
+on <host:port> (default 4444) and performs a context
+establishment. The "-d" option specifies delegation - a forwardable
+TGT will be sent to the server, which will put it in its credential
+cache (you must kinit -f for this to work).  The -v2 option means that
+the GSSAPI v2 calls should be used (and tested).
 
 If you are using this sample application with OpenVision's Kerberos 5
 GSS-API mechanism:
@@ -69,9 +73,10 @@ GSS-API mechanism:
 -lisode -lcom_err.
 
 2.  Make sure that the principal corresponding to service_name is in
-the default keytab on the server host, and that the gss-server process
-can read the keytab.  For example, the service name "host@server"
-corresponds to the Kerberos principal "host/server.domain.com@REALM".
+the default or specified keytab on the server host, and that the
+gss-server process can read the keytab.  For example, the service name
+"host@server" corresponds to the Kerberos principal
+"host/server.domain.com@REALM".
 
 This sample application uses the following GSS-API functions:
 
@@ -85,3 +90,5 @@ This sample application uses the following GSS-API functions:
 
 Barry Jaspan, bjaspan@security.ov.com
 OpenVision Technologies, Inc.
+
+$Id$