The sample server-side program gss-server works in conjunction with gss-client, which is described in the previous chapter. The basic purpose of gss-server is to receive, sign, and return the wrapped message from gss-client.
The following sections provide a step-by-step description of how gss-server works. Because gss-server is a sample program for demonstrating GSS-API functionality, only the relevant parts of the program are discussed in detail.
The gss-server application performs the following steps:
Parses the command line.
If a mechanism is specified, translates the mechanism name to internal format.
Acquires credentials for the caller.
Checks to see whether the user has specified using the inetd daemon for connecting.
Makes a connection with the client.
Receives the data from the client.
Signs and returns the data.
Releases the names and credentials it acquired, and exits.
gss-server takes this form on the command line:
gss-server [-port port] [-verbose] [-inetd] [-once] [-logfile file] \ [-mech mechanism] service-name
port is the port number to listen on. If no port is specified, the program uses port 4444 as the default.
-verbose causes messages to be displayed as gss-server runs.
-inetd indicates that the program should use the inetd daemon to listen to a port. -inetd uses stdin and stdout to connect to the client.
–once indicates a single-instance connection only.
mechanism is the name of a security mechanism to use, such as Kerberos v5. If no mechanism is specified, the GSS-API uses a default mechanism.
service-name is the name of the network service that is requested by the client, such as ftp or the login service.
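The option handling described above, written out as an added example. This is illustrative code, not the parser from the Solaris gss-server sample; the struct and function names (server_opts, parse_server_args) are invented here. It applies the defaults the text gives (port 4444, default mechanism when -mech is absent) and rejects what the synopsis does not allow: an unknown option, an option without its value, a non-numeric or out-of-range port, and a missing or extra positional argument.

```c
/* Added example: a minimal argument parser for the gss-server command line.
 * Not the Solaris sample program's own code; names are invented here. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct server_opts {
    int port;             /* defaults to 4444 when -port is absent */
    int verbose;          /* -verbose */
    int use_inetd;        /* -inetd: talk to the client over stdin/stdout */
    int once;             /* -once: serve a single connection, then exit */
    const char *logfile;  /* NULL when -logfile is absent */
    const char *mech;     /* NULL lets GSS-API choose the default mechanism */
    const char *service;  /* required positional service-name, e.g. "nfs" */
};

/* Returns 0 on success, -1 on a usage error. On error the caller should
 * print the synopsis and exit rather than start listening with a half-parsed
 * configuration. */
int parse_server_args(int argc, char **argv, struct server_opts *o)
{
    int i;
    memset(o, 0, sizeof *o);
    o->port = 4444;

    for (i = 1; i < argc; i++) {
        const char *a = argv[i];
        if (a[0] != '-')
            break;                       /* first non-option is service-name */
        if (strcmp(a, "-verbose") == 0) {
            o->verbose = 1;
        } else if (strcmp(a, "-inetd") == 0) {
            o->use_inetd = 1;
        } else if (strcmp(a, "-once") == 0) {
            o->once = 1;
        } else if (strcmp(a, "-port") == 0 || strcmp(a, "-logfile") == 0 ||
                   strcmp(a, "-mech") == 0) {
            if (i + 1 >= argc)
                return -1;               /* option requires a value */
            i++;
            if (strcmp(a, "-port") == 0) {
                char *end;
                long p;
                errno = 0;
                p = strtol(argv[i], &end, 10);
                /* reject empty, non-numeric, or out-of-range port values */
                if (argv[i][0] == '\0' || *end != '\0' || errno != 0 ||
                    p < 1 || p > 65535)
                    return -1;
                o->port = (int)p;
            } else if (strcmp(a, "-logfile") == 0) {
                o->logfile = argv[i];
            } else {
                o->mech = argv[i];
            }
        } else {
            return -1;                   /* unknown option */
        }
    }
    if (i != argc - 1)
        return -1;                       /* exactly one service-name expected */
    o->service = argv[i];
    return 0;
}

int main(int argc, char **argv)
{
    struct server_opts o;
    if (parse_server_args(argc, argv, &o) != 0) {
        fprintf(stderr, "usage: gss-server [-port port] [-verbose] [-inetd] "
                        "[-once] [-logfile file] [-mech mechanism] service-name\n");
        return 2;
    }
    printf("port=%d verbose=%d inetd=%d once=%d logfile=%s mech=%s service=%s\n",
           o.port, o.verbose, o.use_inetd, o.once,
           o.logfile ? o.logfile : "(none)",
           o.mech ? o.mech : "(default)", o.service);
    return 0;
}
```

With -inetd set, a real server would skip the listen/accept step and read the client's tokens from stdin, which is why the parser records it as a flag rather than opening a socket itself.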
A typical command line might look like the following example:
$ gss-server -port 8080 -once -mech kerberos_v5 example2.eng nfs "hello"