To run greet_dced, do the following.
1. Build the program by invoking the make command.
2. Change the uid and gid values in greet_dced.install as desired. If you do change them, make sure that you chown the keytab file to the same uid in Step 4 below.
3. As cell_admin, do:
dcecp greet_dced.install
This creates a server principal and account with the password "secret", creates a CDS directory and changes permissions on it (so that the server principal has rights to create its server entry, creates a keytab entry and creates a srvrconf entry. It handles errors, so if something else fails, (e.g., if the user already exists) the program will still run to completion.
4. As root, do:
chown your_user_name greet_dced.ktab
This is necessary because the form of the chown command in greet_dced.install will fail - it is present there only as a reminder. If you use a different uid in the script, change it here as well.
5. As cell_admin, do:
dcecp -c server start greeter_dced
6. Wait a few moments and check /tmp/srv.out to make sure the server has started.
7. Start the client as follows:
./greet_dced_client /.:/subsys/my_company/greet_dced/greeter_dced_entry
After you are done, you can get rid of everything as follows:
1. As cell_admin, stop the server:
dcecp -c server stop greeter_dced -method soft
2. As cell_admin, run the delete script:
dcecp greet_dced.delete
The program has the following limitations:
· The server does not catch signals, so when it is stopped it does not clean up anything.
· The dce_server_sec_begin() routine logs in using the server principal and keytab specified in the srvrconf file. It also starts a thread to manage the server's key. However, it does not start a thread to refresh the server's login context. That still needs to be done by the application writer, using the same method that was used in DCE 1.0.x:
create a thread to run the following:
loop
find out when the login context expires
do a pthread_delay_np for
(expiration time - current time - 10 minutes)
sec_login_refresh_identity( )
sec_key_mgmt_get_key( )
sec_login_validate_identity( )
sec_key_mgmt_free_key( )
end loop