There are two ways to start _gss-client_ – the first specifies an encryption method to use by its OID 1.3.6.1.4.1.5322.22.1.18 (as seen in /etc/gss/mech):
- /opt/moonshot/bin/gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" 127.0.0.1 host@localhost bar
+ /opt/moonshot/bin/gss-client -mech "{1.3.6.1.5.5.15.1.1.18 }" 127.0.0.1 host@localhost bar
The second uses __Simple and Protected GSSAPI Negotiation Mechanism (SPNEGO)__<br />
This chooses the "best" mutually-agreeable encryption method for between client and server. To invoke the client using __SPNEGO__, use:
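Review bot: The unchanged sentence above the command still gives the OID as 1.3.6.1.4.1.5322.22.1.18 "(as seen in /etc/gss/mech)", while the new -mech argument is 1.3.6.1.5.5.15.1.1.18, so the prose and the command now disagree. Update the sentence to the new OID in the same change. The new argument is also written as "{1.3.6.1.5.5.15.1.1.18 }", with a stray space before the closing brace, and differs from the '{ 1.3.6.1.5.5.15.1.1.18 }' spelling used in the new gss-sample snippet; pick one form and use it on every page.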
cat >/usr/etc/gss/mech <<EOF
eap-aes128 1.3.6.1.4.1.5322.22.1.17 mech_eap.so
eap-aes256 1.3.6.1.4.1.5322.22.1.18 mech_eap.so
+eap-aes128 1.3.6.1.5.5.15.1.1.17 mech_eap.so
+eap-aes256 1.3.6.1.5.5.15.1.1.18 mech_eap.so
EOF
- gss-server host@localhost &
- gss-client -mech "{1 3 6 1 4 1 5322 22 1 17}" localhost host@localhost HELLO
+[[!inline pages=testing-/gss-sample.mdwn]]
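Review bot: The added inline directive points at testing-/gss-sample.mdwn, with a hyphen before the slash, which does not match the testing/gss-sample.mdwn path inlined by the other page in this change. Drop the hyphen so both pages pull in the same snippet. Separately, the heredoc keeps the 1.3.6.1.4.1.5322.22.1.17 and .18 entries as unchanged lines next to the new 1.3.6.1.5.5.15.1.1.17 and .18 ones; if both OID arcs are meant to stay registered, say so in the text, otherwise remove the old entries.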
--- /dev/null
+ gss-server host@localhost&
+ gss-client -mech '{ 1.3.6.1.5.5.15.1.1.18 }' localhost host@localhost bar
+
+This should produce lots of interesting output, ending with
+
+ Received message: "bar"
+ Signature verified.
+ NOOP token
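Review bot: The gss-client line in the new shared snippet has no -user or -pass options, although one of the commands it replaces passed -user steve@local -pass testing, so the reader is no longer told which identity the client authenticates with. Add a sentence saying where the client's credentials come from, or keep the options with placeholder values. The snippet also only exercises the .18 mechanism, while the quick test it replaces on the other page used .17; mention that the OID can be swapped if both are meant to be tested.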
Good auth.
### Test with gss-server and gss-client
- ~/krb5-1.9/src/appl/gss-sample/gss-server host@moonshot-test.project-moonshot.org &
- ~/krb5-1.9/src/appl/gss-sample/gss-client -mech "{1 3 6 1 4 1 5322 22 1 18}" -user steve@local -pass testing 127.0.0.1 host@localhost bar
-
-This should produce lots of interesting output, ending with
-
- Received message: "bar"
- Signature verified.
- NOOP token
+[[!inline pages=testing/gss-sample.mdwn]]
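Review bot: The removed commands ran the binaries from ~/krb5-1.9/src/appl/gss-sample/ and started the server as host@moonshot-test.project-moonshot.org, whereas the inlined snippet calls bare gss-server and gss-client with host@localhost. Keep a line on this page stating where the built binaries live (or that they must be on PATH) and that the service name is now host@localhost, so the section can still be followed from this page on its own.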