GSS-API Programming Guide

Overview: main() (Server)

gss-server begins with the main() function. main() performs the following tasks:

  1. It parses command-line arguments, assigning them to variables:

    • port, if specified, is the port number to listen on. If no port is specified, the program uses port 4444 as the default.

    • If -verbose is specified, the program runs in a quasi-debug mode.

    • The -inetd option indicates that the program should use the inetd daemon to listen to a port; inetd uses stdin and stdout to hand the connection to the client.

    • If -once is specified, then the program makes only a single-instance connection.

    • mechanism is the (optional) name of the security mechanism to use, such as Kerberos v5. If no mechanism is specified, the GSS-API uses a default mechanism.

    • The name of the network service requested by the client (such as telnet, ftp, or login service) is specified by service_name.

    An example command line might look like this:

    % gss-server -port 8080 -once -mech kerberos_v5 erebos.eng nfs "hello"

  2. It converts the mechanism, if specified, to a GSS-API object identifier (OID). This is because GSS-API functions handle names in internal format.

  3. It acquires the credentials for the service (such as ftp), for the mechanism being used (for example, Kerberos v5).

  4. It calls the sign_server() function, which does most of the work (establishes the connection, retrieves and signs the message, and so on).

    If -inetd was specified, the program closes standard output and standard error and calls sign_server() on standard input, the descriptor on which inetd passes the connection. Otherwise, it creates a socket, accepts the connection on that socket with the TCP function accept(), and calls sign_server() on the file descriptor returned by accept().

    If inetd is not used, the program creates connections and contexts until it's terminated. However, if the user has specified the -once option, the loop terminates after the first connection.

  5. It releases the credentials it has acquired.

  6. It releases the mechanism OID namespace.

  7. It closes the connection, if it's still open.
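The control flow that steps 1 and 4 describe, as an added example that is not the guide's gss-server source. It parses the options the guide lists (with 4444 as the default port and a check that rejects malformed or out-of-range port values), then either serves the connection that inetd handed over on standard input or accepts on its own socket until terminated, or a single time with -once. The GSS-API calls of steps 2, 3, 5 and 6 are left out so the program builds without the Kerberos library; report_connection() is a placeholder for sign_server(), and requiring exactly one operand (the service name) after the options is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>

struct server_opts {
    int port;                 /* -port N; the guide's default is 4444 */
    int verbose;              /* -verbose */
    int inetd;                /* -inetd: inetd hands the connection over on stdin */
    int once;                 /* -once: serve one connection, then exit */
    const char *mechanism;    /* -mech NAME; NULL means the GSS-API default */
    const char *service_name; /* the single required operand, e.g. "nfs" */
};

/* Step 1: parse argv into opts; 0 on success, -1 on a usage error.
 * Assumes exactly one operand (the service name) follows the options. */
int parse_args(int argc, char **argv, struct server_opts *opts)
{
    int i = 1;
    memset(opts, 0, sizeof *opts);
    opts->port = 4444;
    while (i < argc && argv[i][0] == '-') {
        if (strcmp(argv[i], "-port") == 0) {
            char *end; long p;
            if (i + 1 >= argc) return -1;          /* -port needs a value */
            p = strtol(argv[++i], &end, 10);
            /* reject trailing junk and out-of-range values instead of truncating */
            if (*end != '\0' || p < 1 || p > 65535) return -1;
            opts->port = (int)p;
        } else if (strcmp(argv[i], "-verbose") == 0) {
            opts->verbose = 1;
        } else if (strcmp(argv[i], "-inetd") == 0) {
            opts->inetd = 1;
        } else if (strcmp(argv[i], "-once") == 0) {
            opts->once = 1;
        } else if (strcmp(argv[i], "-mech") == 0) {
            if (i + 1 >= argc) return -1;          /* -mech needs a value */
            opts->mechanism = argv[++i];
        } else {
            return -1;                             /* unknown option */
        }
        i++;
    }
    if (i != argc - 1) return -1;   /* service name missing, or extra operands */
    opts->service_name = argv[i];
    return 0;
}

/* Listening TCP socket bound to port on all interfaces; -1 on failure. */
int open_listener(int port)
{
    struct sockaddr_in addr = {0};
    int on = 1, fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof on);
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_ANY);
    addr.sin_port = htons((unsigned short)port);
    if (bind(fd, (struct sockaddr *)&addr, sizeof addr) < 0 || listen(fd, 5) < 0) {
        close(fd); return -1;
    }
    return fd;
}

/* Step 4: hand each connection to handler (sign_server() in the guide). With -inetd
 * the peer is already on fd 0; otherwise accept() forever, or once with -once. */
int run_server(const struct server_opts *o, int (*handler)(int fd))
{
    int listen_fd, conn_fd, rc;
    if (o->inetd) {
        close(1); close(2);   /* fd 0 is a bidirectional socket; the guide closes the rest */
        rc = handler(0);
        close(0);
        return rc;
    }
    if ((listen_fd = open_listener(o->port)) < 0) return -1;
    do {
        if ((conn_fd = accept(listen_fd, NULL, NULL)) < 0) { rc = -1; break; }
        rc = handler(conn_fd);
        close(conn_fd);
    } while (!o->once);
    close(listen_fd);
    return rc;
}

/* Stand-in for sign_server(), which would accept the context and verify the message here. */
static int report_connection(int fd) { fprintf(stderr, "connection on fd %d\n", fd); return 0; }

int main(int argc, char **argv)
{
    struct server_opts o;
    if (parse_args(argc, argv, &o) != 0) {
        fprintf(stderr, "usage: %s [-port N] [-verbose] [-inetd] [-once] [-mech NAME] service\n", argv[0]);
        return 1;
    }
    return run_server(&o, report_connection) == 0 ? 0 : 1;
}
```

The parser fails closed: an unknown option, a missing option value, a port outside 1..65535 or with trailing characters, and a missing service name all produce a usage error rather than a server that silently listens on an unintended port or acquires credentials for the wrong principal.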