JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Developer's Guide to Oracle Solaris 11 Security     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

GSSAPI Client Example Overview

GSSAPI Client Example Structure

Running the GSSAPI Client Example

GSSAPI Client Example: main() Function

Opening a Connection With the Server

Establishing a Security Context With the Server

Translating a Service Name into GSS-API Format

Establishing a Security Context for GSS-API

Miscellaneous GSSAPI Context Operations on the Client Side

Wrapping and Sending a Message

Reading and Verifying a Signature Block From a GSS-API Client

Deleting the Security Context

6.  GSS-API Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

9.  Writing User-Level Cryptographic Applications

10.  Introduction to the Oracle Solaris Key Management Framework

A.  Secure Coding Guidelines for Developers

B.  Sample C-Based GSS-API Programs

C.  GSS-API Reference

D.  Specifying an OID

E.  Source Code for SASL Example

F.  SASL Reference Tables

Glossary

Index

GSSAPI Client Example Overview

The sample client-side program gss-client creates a security context with a server, establishes security parameters, and sends the message string to the server. The program uses a simple TCP-based sockets connection to make the connection.

The following sections provide a step-by-step description of how gss-client works. Because gss-client is a sample program that has been designed to show off GSSAPI functionality, only relevant parts of the program are discussed in detail. The complete source code for the two applications appears in the appendix and can be downloaded from the Oracle download center. See http://www.oracle.com/technetwork/indexes/downloads/sdlc-decommission-333274.html.

GSSAPI Client Example Structure

The gss-client application performs the following steps:

  1. Parses the command line.

  2. Creates an object ID (OID) for a mechanism, if a mechanism is specified. Otherwise, the default mechanism is used, which is most commonly the case.

  3. Creates a connection to the server.

  4. Establishes a security context.

  5. Wraps and sends the message.

  6. Verifies that the message has been “signed” correctly by the server.

  7. Deletes the security context.

Running the GSSAPI Client Example

The gss-client example takes this form on the command line:

gss-client [-port port] [-d] [-mech mech] host service-name [-f] msg

A typical command line for client application program might look like the following example:

% gss-client -port 8080 -d -mech kerberos_v5 erebos.eng nfs "ls"

The following example does not specify a mechanism, port, or delegation:

% gss-client erebos.eng nfs "ls"