Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: How many...
Special Forums Cybersecurity How many... Post 5643 by Neo on Sunday 19th of August 2001 11:15:47 PM
Old 08-20-2001
It is really based on risk. Folks who are not protecting sensitive data, financial transacations, etc. may not have a high enough risk criteria to spend lots of time on security.

The process is one of risk assessment, risk management.

Refer to this paper for more details on the process of risk management:

http://www.silkroad.com/papers/pdf/m..._paper_430.pdf

 

LEARN ABOUT CENTOS

sserver

SSERVER(8)							   MIT Kerberos 							SSERVER(8)

NAME

       sserver - sample Kerberos version 5 server

SYNOPSIS

       sserver [ -p port ] [ -S keytab ] [ server_port ]

DESCRIPTION

       sserver	and  sclient(1)  are  a  simple demonstration client/server application.  When sclient connects to sserver, it performs a Kerberos
       authentication, and then sserver returns to sclient the Kerberos principal which was used for the Kerberos authentication.  It makes a good
       test that Kerberos has been successfully installed on a machine.

       The  service  name  used  by  sserver and sclient is sample.  Hence, sserver will require that there be a keytab entry for the service sam-
       ple/hostname.domain.name@REALM.NAME.  This keytab is generated using the kadmin(1) program.   The  keytab  file	is  usually  installed	as
       FILE:/etc/krb5.keytab.

       The -S option allows for a different keytab than the default.

       sserver is normally invoked out of inetd(8), using a line in /etc/inetd.conf that looks like this:

	      sample stream tcp nowait root /usr/local/sbin/sserver sserver

       Since sample is normally not a port defined in /etc/services, you will usually have to add a line to /etc/services which looks like this:

	      sample	      13135/tcp

       When  using  sclient,  you will first have to have an entry in the Kerberos database, by using kadmin(1), and then you have to get Kerberos
       tickets, by using kinit(1).  Also, if you are running the sclient program on a different host than the sserver it will be connecting to, be
       sure that both hosts have an entry in /etc/services for the sample tcp port, and that the same port number is in both files.

       When you run sclient you should see something like this:

	      sendauth succeeded, reply is:
	      reply len 32, contents:
	      You are nlgilman@JIMI.MIT.EDU

COMMON ERROR MESSAGES

       1. kinit returns the error:

		 kinit: Client not found in Kerberos database while getting
		     initial credentials

	  This means that you didn't create an entry for your username in the Kerberos database.

       2. sclient returns the error:

		 unknown service sample/tcp; check /etc/services

	  This means that you don't have an entry in /etc/services for the sample tcp port.

       3. sclient returns the error:

		 connect: Connection refused

	  This probably means you didn't edit /etc/inetd.conf correctly, or you didn't restart inetd after editing inetd.conf.

       4. sclient returns the error:

		 sclient: Server not found in Kerberos database while using
		     sendauth

	  This	means that the sample/hostname@LOCAL.REALM service was not defined in the Kerberos database; it should be created using kadmin(1),
	  and a keytab file needs to be generated to make the key for that service principal available for sclient.

       5. sclient returns the error:

		 sendauth rejected, error reply is:
		     "No such file or directory"

	  This probably means sserver couldn't find the keytab file.  It was probably not installed in the proper directory.

SEE ALSO

       sclient(1), services(5), inetd(8)

AUTHOR

       MIT

COPYRIGHT

       1985-2013, MIT

1.11.3																	SSERVER(8)
All times are GMT -4. The time now is 06:06 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy