Developer's Guide to Oracle Solaris Security

GSSAPI Client Example Overview

The sample client-side program gss-client creates a security context with a server, establishes security parameters, and sends a message string to the server. The program connects to the server over a simple TCP socket.

The following sections provide a step-by-step description of how gss-client works. Because gss-client is a sample program that has been designed to show off GSSAPI functionality, only relevant parts of the program are discussed in detail. The complete source code for the two applications appears in the appendix and can be downloaded from:

GSSAPI Client Example Structure

The gss-client application performs the following steps:

  1. Parses the command line.

  2. Creates an object ID (OID) for a mechanism, if a mechanism is specified. Otherwise, the default mechanism is used, which is most commonly the case.

  3. Creates a connection to the server.

  4. Establishes a security context.

  5. Wraps and sends the message.

  6. Verifies that the message has been “signed” correctly by the server.

  7. Deletes the security context.

Running the GSSAPI Client Example

The gss-client example takes this form on the command line:

gss-client [-port port] [-d] [-mech mech] host service-name [-f] msg

A typical command line for the client application program might look like the following example:

% gss-client -port 8080 -d -mech kerberos_v5 erebos.eng nfs "ls"

The following example does not specify a mechanism, port, or delegation:

% gss-client erebos.eng nfs "ls"
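
The command-line syntax shown above, parsed strictly, as an added example that is not taken from this guide or from the gss-client source. The struct and function names are hypothetical. Reading -f as "msg names a file" and accepting it only where the synopsis places it are assumptions not stated on this page.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* gss-client [-port port] [-d] [-mech mech] host service-name [-f] msg */
struct client_args {
    long port;                 /* 0: -port not given, caller picks the default */
    int delegate;              /* -d: delegation requested */
    int msg_is_file;           /* -f: msg names a file (assumption, see lead-in) */
    const char *mech;          /* NULL: use the default mechanism */
    const char *host, *service, *msg;
};

/* Accept only a complete decimal number in 1..65535; "80x" or "" is rejected. */
static int parse_port(const char *s, long *out) {
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno || end == s || *end != '\0' || v < 1 || v > 65535)
        return -1;
    *out = v;
    return 0;
}

/* Returns 0 on success, -1 on a usage error; argv[0] is the program name. */
int parse_client_args(int argc, char **argv, struct client_args *a) {
    int i = 1;
    *a = (struct client_args){0};
    for (; i < argc && argv[i][0] == '-'; i++) {
        if (strcmp(argv[i], "-d") == 0)
            a->delegate = 1;
        else if (strcmp(argv[i], "-port") == 0 && i + 1 < argc) {
            if (parse_port(argv[++i], &a->port) != 0)
                return -1;
        } else if (strcmp(argv[i], "-mech") == 0 && i + 1 < argc)
            a->mech = argv[++i];
        else
            return -1;         /* unknown option or missing option value */
    }
    if (argc - i < 3)
        return -1;             /* need host, service-name and msg */
    a->host = argv[i++];
    a->service = argv[i++];
    a->msg_is_file = (strcmp(argv[i], "-f") == 0);
    i += a->msg_is_file;       /* step past -f when it is present */
    if (argc - i != 1)
        return -1;             /* exactly one msg argument must remain */
    a->msg = argv[i];
    return 0;
}
```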