18 sserver and :ref:`sclient(1)` are a simple demonstration client/server
19 application. When sclient connects to sserver, it performs a Kerberos
20 authentication, and then sserver returns to sclient the Kerberos
21 principal which was used for the Kerberos authentication. It makes a
22 good test that Kerberos has been successfully installed on a machine.
24 The service name used by sserver and sclient is sample. Hence,
25 sserver will require that there be a keytab entry for the service
26 ``sample/hostname.domain.name@REALM.NAME``. This keytab is generated
27 using the :ref:`kadmin(1)` program. The keytab file is usually
28 installed as |keytab|.
30 The **-S** option allows for a different keytab than the default.
32 sserver is normally invoked out of inetd(8), using a line in
33 ``/etc/inetd.conf`` that looks like this::
35 sample stream tcp nowait root /usr/local/sbin/sserver sserver
37 Since ``sample`` is normally not a port defined in ``/etc/services``,
38 you will usually have to add a line to ``/etc/services`` which looks
43 When using sclient, you will first have to have an entry in the
44 Kerberos database, by using :ref:`kadmin(1)`, and then you have to get
45 Kerberos tickets, by using :ref:`kinit(1)`. Also, if you are running
46 the sclient program on a different host than the sserver it will be
47 connecting to, be sure that both hosts have an entry in /etc/services
48 for the sample tcp port, and that the same port number is in both
51 When you run sclient you should see something like this::
53 sendauth succeeded, reply is:
54 reply len 32, contents:
55 You are nlgilman@JIMI.MIT.EDU
61 1) kinit returns the error::
63 kinit: Client not found in Kerberos database while getting
66 This means that you didn't create an entry for your username in the
69 2) sclient returns the error::
71 unknown service sample/tcp; check /etc/services
73 This means that you don't have an entry in /etc/services for the
76 3) sclient returns the error::
78 connect: Connection refused
80 This probably means you didn't edit /etc/inetd.conf correctly, or
81 you didn't restart inetd after editing inetd.conf.
83 4) sclient returns the error::
85 sclient: Server not found in Kerberos database while using
88 This means that the ``sample/hostname@LOCAL.REALM`` service was not
89 defined in the Kerberos database; it should be created using
90 :ref:`kadmin(1)`, and a keytab file needs to be generated to make
91 the key for that service principal available for sclient.
93 5) sclient returns the error::
95 sendauth rejected, error reply is:
96 "No such file or directory"
98 This probably means sserver couldn't find the keytab file. It was
99 probably not installed in the proper directory.
105 :ref:`sclient(1)`, services(5), inetd(8)