Developer's Guide to Oracle Solaris Security

GSSAPI Server Example Overview

The sample server-side program gss-server works in conjunction with gss-client, which is described in the previous chapter. The basic purpose of gss-server is to receive, sign, and return the wrapped message from gssapi-client.

The following sections provide a step-by-step description of how gss-server works. Because gss-server is a sample program for demonstrating GSSAPI functionality, only relevant parts of the program are discussed in detail. The complete source code for the two applications appears in the appendix and can be downloaded from:

GSSAPI Server Example Structure

    The gss-structure application performs the following steps:

  1. Parses the command line.

  2. If a mechanism is specified, translates the mechanism name to internal format.

  3. Acquires credentials for the caller.

  4. Checks to see whether the user has specified using the inetd daemon for connecting.

  5. Makes a connection with the client.

  6. Receives the data from the client.

  7. Signs and returns the data.

  8. Releases namespaces and exits.

Running the GSSAPI Server Example

gss-server takes this form on the command line

gss-server [-port port] [-verbose] [-inetd] [-once] [-logfile file] \
                 [-mech mechanism] service-name

A typical command line might look like the following example:

% gss-server -port 8080 -once -mech kerberos_v5 erebos.eng nfs "hello"