[zeromq-dev] Using ZeroMQ Security with gssapi
Peter Kleiweg
pkleiweg at xs4all.nl
Mon Jan 19 17:05:47 CET 2015
Mike Gatny schreef op de 18e dag van de louwmaand van het jaar 2015:
> But there is a gist!
>
> https://gist.github.com/cbusbey/11265987
>
> We wrote this example back when we started the gssapi implementation, in
> the same spirit as Pieter's blog post examples. If you need something
> more, I'll be happy to work something up for you.
So, I need a machine with kerberos enabled and root access? I
don't have that. I will have to see how I can get Kerberos
enabled on my own machine. Kerberos is horrible.
(many hours later)
I got kerberos running. With the help of this:
https://www.debian-administration.org/article/570/MIT_Kerberos_installation_on_Debian
Except for the last part: krb5-rsh -x hostname. I get "Wrong
principal in request", and that's an error the page doesn't
cater for.
Let's try anyway...
Added commands to sudoers
Changed the principal in gssapi-client.c.
kinit... works
klist shows my ticket
(peter) ~/tmp sudo ./gssapi-client &
[1] 15060
(peter) ~/tmp [gss-client] waiting for msg...
(peter) ~/tmp sudo ./gssapi-server
[gss-server] sending...
(peter) ~/tmp
(peter) ~/tmp
No further output. Killing client...
[gssapi-client ] GSSAPI test FAILED
What now? Wrong setup of kerberos? Do I also need to change the
"host" in gssapi-client.c and gssapi-server.c
--
Peter Kleiweg
http://pkleiweg.home.xs4all.nl/
More information about the zeromq-dev
mailing list