The sample server-side program gss-server works in conjunction with gss-client, which is described in the previous chapter. The basic purpose of gss-server is to receive, sign, and return the wrapped message from gss-client.
The following sections provide a step-by-step description of how gss-server works. Because gss-server is a sample program for demonstrating GSSAPI functionality, only relevant parts of the program are discussed in detail.
The gss-server application performs the following steps:
1. Parses the command line.
2. If a mechanism is specified, translates the mechanism name to internal format.
3. Acquires credentials for the caller.
4. Checks to see whether the user has specified using the inetd daemon for connecting.
5. Makes a connection with the client.
6. Receives the data from the client.
7. Signs and returns the data.
8. Releases namespaces and exits.
gss-server takes this form on the command line:
gss-server [-port port] [-verbose] [-inetd] [-once] [-logfile file] [-mech mechanism] service-name
port is the port number to listen on. If no port is specified, the program uses port 4444 as the default.
-verbose causes messages to be displayed as gss-server runs.
-inetd indicates that the program should use the inetd daemon to listen to a port. -inetd uses stdin and stdout to connect to the client.
-once indicates a single-instance connection only.
mechanism is the name of a security mechanism to use, such as Kerberos v5. If no mechanism is specified, the GSS-API uses a default mechanism.
service-name is the name of the network service that is requested by the client, such as ftp or the login service.
A typical command line might look like the following example:
$ gss-server -port 8080 -once -mech kerberos_v5 erebos.eng nfs "hello"
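The first step above, parsing the command line, is the one place where untrusted input reaches the server before any GSS-API call is made, so it pays to validate it strictly. The following parser is an added example, not code from the gss-server sample itself: the option names and the port 4444 default are taken from the synopsis above, while the struct and function names (server_opts, parse_port, parse_server_args) are this example's own.

```c
/* Added example: a strict argument parser for the gss-server command line.
 * Not the sample program's own code; option names and the 4444 default are
 * from the synopsis, the type and function names are this example's own. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

struct server_opts {
    int port;               /* TCP port to listen on, default 4444 */
    int verbose, inetd, once;
    const char *logfile;    /* NULL when -logfile is not given */
    const char *mech;       /* NULL means "let GSS-API pick the default" */
    const char *service;    /* required positional service-name */
};

/* Parse a TCP port in the range 1-65535; returns 0 on any malformed input. */
static int parse_port(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno || *s == '\0' || *end != '\0' || v < 1 || v > 65535)
        return 0;
    *out = (int)v;
    return 1;
}

/* argv excludes argv[0]. Returns 1 and fills *o on success, 0 on a usage error. */
int parse_server_args(int argc, char **argv, struct server_opts *o)
{
    memset(o, 0, sizeof *o);
    o->port = 4444;
    for (int i = 0; i < argc; i++) {
        if (strcmp(argv[i], "-verbose") == 0) o->verbose = 1;
        else if (strcmp(argv[i], "-inetd") == 0) o->inetd = 1;   /* talk over stdin/stdout */
        else if (strcmp(argv[i], "-once") == 0) o->once = 1;
        else if (strcmp(argv[i], "-port") == 0) {
            if (++i >= argc || !parse_port(argv[i], &o->port)) return 0;
        } else if (strcmp(argv[i], "-logfile") == 0) {
            if (++i >= argc) return 0;
            o->logfile = argv[i];
        } else if (strcmp(argv[i], "-mech") == 0) {
            if (++i >= argc) return 0;
            o->mech = argv[i];
        } else if (argv[i][0] == '-') return 0;      /* unknown option */
        else if (o->service) return 0;               /* more than one positional */
        else o->service = argv[i];
    }
    return o->service != NULL;                       /* service-name is required */
}
```

Note that the example command line above would be rejected by this parser because it carries three positional arguments where the synopsis allows exactly one service-name.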