[39041] in Kerberos
Re: Kerberos Server Implementation
daemon@ATHENA.MIT.EDU (Charles Hedrick)
Fri Jan 21 13:43:53 2022
From: Charles Hedrick <hedrick@rutgers.edu>
To: Chris Hecker <checker@d6.com>
CC: "Gupta, Divyansh" <guptadiv@amazon.com>,
"kerberos@mit.edu"
<kerberos@mit.edu>
Date: Fri, 21 Jan 2022 18:40:18 +0000
Message-ID: <7E724A28-77D8-4ED9-A84F-F537B122FF63@cs.rutgers.edu>
In-Reply-To: <CAOdMLc04SLQ8zMKKqTCYEeBJK31CcfZ4Kp31TNLmfA8gtAiMDw@mail.gmail.com>
Content-Language: en-US
Content-ID: <E5124B18CAE9EF43A38D08262CDFBD5D@namprd14.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
src/appl/simple
For a real example, see github, clhedrick/kerberos.git, in directory kmkhomedir
This is a client-server pair designed to create home directories for users. When you’re using kerberized NFS the normal pam_mkhomedir won’t work, because it assumes that root can create directories in the file system. With kerberized NFS, root has no special privileges. So we have a pam_kmkhomedir that calls a process on the file server to do the creation.
If I were doing it again, I’d probably write it using GSSAPI rather than a basic Kerberos client / server. Then I could write the server as a web service in python and use libcurl on the client side. Unfortunately it doesn’t seem to be practical to write a pam module in anything other than C, but with libcurl all the GSSAPi stuff is handled by the library. If the client isn’t a pam module, it’s easy enough to write a GSSAPI client in python. (I can give you example client-server if you need it.)
> On Jan 11, 2022, at 9:18 PM, Chris Hecker <checker@d6.com> wrote:
>
> There are two samples in the Kerberos source that have both clients and
> servers, I’m not at my computer but they’re called something like
> sim_client and sample_client and server.
>
> Chris
>
> On Tue, Jan 11, 2022 at 14:44 Gupta, Divyansh via Kerberos <kerberos@mit.edu>
> wrote:
>
>> Hi Kerberos@MIT,
>>
>> I am attempting to create an application server with Kerberos server-side
>> authentication. I am finding plenty of examples on how to do authentication
>> as a Kerberos client, but not finding guides on Kerberos server-side. I was
>> wondering if you could point me towards any guides or examples on how to do
>> this? I am attempting it in Rust, but a C example that I can convert to
>> Rust works just as well. Any help is appreciated.
>>
>> Thank you,
>> Divyansh Gupta
>> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
