• Kerberos Server Implementation

    From Gupta, Divyansh@21:1/5 to All on Tue Jan 11 20:08:49 2022
    Hi Kerberos@MIT,

    I am attempting to create an application server with Kerberos server-side authentication. I am finding plenty of examples on how to do authentication as a Kerberos client, but not finding guides on Kerberos server-side. I was wondering if you could point me towards any guides or examples on how to do this? I am attempting it in Rust, but a C example that I can convert to Rust works just as well. Any help is appreciated.

    Thank you,
    Divyansh Gupta

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Roland C. Dowdeswell@21:1/5 to Gupta, Divyansh on Tue Jan 11 22:16:42 2022
    Copy: kerberos@mit.edu (kerberos@mit.edu)

    On Tue, Jan 11, 2022 at 08:08:49PM +0000, Gupta, Divyansh via Kerberos wrote:


    > I am attempting to create an application server with Kerberos
    > server-side authentication. I am finding plenty of examples on how to
    > do authentication as a Kerberos client, but not finding guides on
    > Kerberos server-side. I was wondering if you could point me towards
    > any guides or examples on how to do this? I am attempting it in Rust,
    > but a C example that I can convert to Rust works just as well. Any
    > help is appreciated.

    It's generally recommended to use GSSAPI these days for Kerberos. https://github.com/elric1/gss-token has both client and server side
    GSSAPI code that might help get you started.

    --
    Roland C. Dowdeswell https://Imrryr.ORG/

  • From Chris Hecker@21:1/5 to Gupta, Divyansh on Tue Jan 11 19:18:47 2022
    Copy: kerberos@mit.edu (kerberos@mit.edu)

    There are two samples in the Kerberos source that have both clients and servers, I’m not at my computer but they’re called something like sim_client and sample_client and server.

    Chris

    On Tue, Jan 11, 2022 at 14:44 Gupta, Divyansh via Kerberos <kerberos@mit.edu> wrote:

    Hi Kerberos@MIT,

    I am attempting to create an application server with Kerberos server-side authentication. I am finding plenty of examples on how to do authentication as a Kerberos client, but not finding guides on Kerberos server-side. I was wondering if you could point me towards any guides or examples on how to do this? I am attempting it in Rust, but a C example that I can convert to
    Rust works just as well. Any help is appreciated.

    Thank you,
    Divyansh Gupta
    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos


  • From Charles Hedrick@21:1/5 to Chris Hecker on Fri Jan 21 18:40:18 2022
    Copy: guptadiv@amazon.com (Gupta, Divyansh)
    Copy: kerberos@mit.edu (kerberos@mit.edu)

    src/appl/simple

    For a real example, see github, clhedrick/kerberos.git, in directory kmkhomedir

    This is a client-server pair designed to create home directories for users. When you’re using kerberized NFS the normal pam_mkhomedir won’t work, because it assumes that root can create directories in the file system. With kerberized NFS, root has no special privileges. So we have a pam_kmkhomedir that calls a process on the file server to do the creation.

    If I were doing it again, I’d probably write it using GSSAPI rather than a basic Kerberos client / server. Then I could write the server as a web service in python and use libcurl on the client side. Unfortunately it doesn’t seem to be practical to write a pam module in anything other than C, but with libcurl all the GSSAPI stuff is handled by the library. If the client isn’t a pam module, it’s easy enough to write a GSSAPI client in python. (I can give you example client-server if you need it.)

    On Jan 11, 2022, at 9:18 PM, Chris Hecker <checker@d6.com> wrote:

    There are two samples in the Kerberos source that have both clients and servers, I’m not at my computer but they’re called something like sim_client and sample_client and server.

    Chris

    On Tue, Jan 11, 2022 at 14:44 Gupta, Divyansh via Kerberos <kerberos@mit.edu> wrote:

    Hi Kerberos@MIT,

    I am attempting to create an application server with Kerberos server-side authentication. I am finding plenty of examples on how to do authentication as a Kerberos client, but not finding guides on Kerberos server-side. I was wondering if you could point me towards any guides or examples on how to do this? I am attempting it in Rust, but a C example that I can convert to Rust works just as well. Any help is appreciated.

    Thank you,
    Divyansh Gupta

  • From Russ Allbery@21:1/5 to Charles Hedrick on Fri Jan 21 11:19:16 2022
    Copy: checker@d6.com (Chris Hecker)
    Copy: guptadiv@amazon.com (Gupta, Divyansh)
    Copy: kerberos@mit.edu (kerberos@mit.edu)

    Charles Hedrick <hedrick@rutgers.edu> writes:

    > This is a client-server pair designed to create home directories for
    > users. When you’re using kerberized NFS the normal pam_mkhomedir won’t
    > work, because it assumes that root can create directories in the file
    > system. With kerberized NFS, root has no special privileges. So we have
    > a pam_kmkhomedir that calls a process on the file server to do the
    > creation.

    > If I were doing it again, I’d probably write it using GSSAPI rather than
    > a basic Kerberos client / server. Then I could write the server as a
    > web service in python and use libcurl on the client side. Unfortunately
    > it doesn’t seem to be practical to write a pam module in anything other
    > than C, but with libcurl all the GSSAPI stuff is handled by the
    > library. If the client isn’t a pam module, it’s easy enough to write a
    > GSSAPI client in python. (I can give you example client-server if you
    > need it.)

    You may also be interested in remctl, which is designed to do this sort of thing.

    https://www.eyrie.org/~eagle/software/remctl/

    --
    Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>
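
Added example, not part of any post in this thread and not code from the projects mentioned: a sketch of the server side of the GSSAPI web service Charles Hedrick describes, using HTTP Negotiate and the python-gssapi package. The realm, the `handle_mkhomedir` name and the rule that a user may only request their own home directory are assumptions made for illustration.

```python
import base64
import binascii
import socket

REALM = "EXAMPLE.ORG"  # assumed realm, constructed for this example


def parse_negotiate(header):
    """Extract the raw GSSAPI token from 'Authorization: Negotiate <b64>'."""
    scheme, _, b64 = (header or "").partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return None
    try:
        return base64.b64decode(b64.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None


def gss_accept(token, service="HTTP"):
    """Acceptor leg via python-gssapi; uses the service key in the keytab."""
    import gssapi  # lazy import: the HTTP logic below stays usable without it
    name = gssapi.Name(f"{service}@{socket.getfqdn()}",
                       gssapi.NameType.hostbased_service)
    creds = gssapi.Credentials(name=name, usage="accept")
    ctx = gssapi.SecurityContext(creds=creds, usage="accept")
    reply = ctx.step(token)  # raises a GSSError on a bad token
    principal = str(ctx.initiator_name) if ctx.complete else None
    return ctx.complete, principal, reply


def handle_mkhomedir(headers, requested_user, accept=gss_accept):
    """Return (status, response_headers) for a 'create home directory' call."""
    challenge = {"WWW-Authenticate": "Negotiate"}
    token = parse_negotiate(headers.get("Authorization"))
    if token is None:
        return 401, challenge  # no or malformed token: ask client to negotiate
    try:
        complete, principal, reply = accept(token)
    except Exception:  # gssapi.exceptions.GSSError in practice
        return 401, challenge
    if not complete:  # Kerberos normally finishes in one leg; keep no state
        return 401, challenge
    # Authorize on the authenticated name, never on a client-supplied one.
    if principal != f"{requested_user}@{REALM}":
        return 403, {}
    out = {}
    if reply:  # mutual-authentication token for the client
        out["WWW-Authenticate"] = "Negotiate " + base64.b64encode(reply).decode()
    return 200, out
```

A libcurl client reaches a service like this by enabling `CURLAUTH_NEGOTIATE` (`curl --negotiate -u :` on the command line); the server process needs a keytab holding the `HTTP/<fqdn>` service key.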
