JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Developer's Guide to Oracle Solaris 11 Security     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

1.  Oracle Solaris Security for Developers (Overview)

2.  Developing Privileged Applications

3.  Writing PAM Applications and Services

4.  Writing Applications That Use GSS-API

5.  GSS-API Client Example

6.  GSS-API Server Example

GSSAPI Server Example Overview

GSSAPI Server Example Structure

Running the GSSAPI Server Example

GSSAPI Server Example: main() Function

Acquiring Credentials

Checking for inetd

Receiving Data From a Client

Accepting a Context

Unwrapping the Message

Signing and Returning the Message

Using the test_import_export_context() Function

Cleanup in the GSSAPI Server Example

7.  Writing Applications That Use SASL

8.  Introduction to the Oracle Solaris Cryptographic Framework

9.  Writing User-Level Cryptographic Applications

10.  Introduction to the Oracle Solaris Key Management Framework

A.  Secure Coding Guidelines for Developers

B.  Sample C-Based GSS-API Programs

C.  GSS-API Reference

D.  Specifying an OID

E.  Source Code for SASL Example

F.  SASL Reference Tables

Glossary

Index

GSSAPI Server Example Overview

The sample server-side program gss-server works in conjunction with gss-client, which is described in the previous chapter. The basic purpose of gss-server is to receive, sign, and return the wrapped message from gssapi-client.

The following sections provide a step-by-step description of how gss-server works. Because gss-server is a sample program for demonstrating GSSAPI functionality, only relevant parts of the program are discussed in detail. The complete source code for the two applications appears in the appendix and can be downloaded from the Oracle download center. See http://www.oracle.com/technetwork/indexes/downloads/sdlc-decommission-333274.html.

GSSAPI Server Example Structure

The gss-structure application performs the following steps:

  1. Parses the command line.

  2. If a mechanism is specified, translates the mechanism name to internal format.

  3. Acquires credentials for the caller.

  4. Checks to see whether the user has specified using the inetd daemon for connecting.

  5. Makes a connection with the client.

  6. Receives the data from the client.

  7. Signs and returns the data.

  8. Releases namespaces and exits.

Running the GSSAPI Server Example

gss-server takes this form on the command line

gss-server [-port port] [-verbose] [-inetd] [-once] [-logfile file] \
                 [-mech mechanism] service-name

A typical command line might look like the following example:

% gss-server -port 8080 -once -mech kerberos_v5 erebos.eng nfs "hello"