Debugging Tools
The MIT Kerberos distribution includes a small sample Kerberized client/server application. These example applications are located in the src/appl/sample subdirectory of the MIT Kerberos 5 distribution.
Just like any other Kerberized server, the sample server requires a service principal and access to the secret key associated with that principal through a keytab file. By default, the sample server uses a principal name of “sample,” with an instance of the hostname that it is running on. If you’re having trouble with a particular service principal, the sample server and client can use any principal name to communicate with each other, given the sample server has read access to the service’s keytab file.
The command-line arguments accepted by the sample server are:
> ./sserver -h usage: ./sserver [-p port] [-s service] [-S keytab]
The -p argument specifies what
TCP port that the server will listen on for client requests. If this
argument isn’t specified, then sserver will immediately exit. The -s option can be used to specify a particular
service principal (instead of the default, “sample”). For example, the
host principal can be specified by -s host. Finally, the -S
option specifies a keytab file in which the server can find the secret
key for the service principal. By default, sserver will use
/etc/krb5.keytab.
Ensure that a valid keytab entry for the principal you’re using to
test exists in a keytab file and is readable by the user you’re starting
sserver as. Note ...
Get Kerberos: The Definitive Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
