Kerberos Server Implementation

Charles Hedrick hedrick at
Fri Jan 21 13:40:18 EST 2022


For a real example, see GitHub, clhedrick/kerberos.git, in directory kmkhomedir.

This is a client-server pair designed to create home directories for users. When you’re using kerberized NFS the normal pam_mkhomedir won’t work, because it assumes that root can create directories in the file system. With kerberized NFS, root has no special privileges. So we have a pam_kmkhomedir that calls a process on the file server to do the creation. 

If I were doing it again, I’d probably write it using GSSAPI rather than a basic Kerberos client / server. Then I could write the server as a web service in Python and use libcurl on the client side. Unfortunately it doesn’t seem to be practical to write a pam module in anything other than C, but with libcurl all the GSSAPI stuff is handled by the library. If the client isn’t a pam module, it’s easy enough to write a GSSAPI client in Python. (I can give you example client-server if you need it.)

> On Jan 11, 2022, at 9:18 PM, Chris Hecker <checker at> wrote:
> There are two samples in the Kerberos source that have both clients and
> servers, I’m not at my computer but they’re called something like
> sim_client and sample_client and server.
> Chris
> On Tue, Jan 11, 2022 at 14:44 Gupta, Divyansh via Kerberos <kerberos at>
> wrote:
>> Hi Kerberos at MIT,
>> I am attempting to create an application server with Kerberos server-side
>> authentication. I am finding plenty of examples on how to do authentication
>> as a Kerberos client, but not finding guides on Kerberos server-side. I was
>> wondering if you could point me towards any guides or examples on how to do
>> this? I am attempting it in Rust, but a C example that I can convert to
>> Rust works just as well. Any help is appreciated.
>> Thank you,
>> Divyansh Gupta
>> ________________________________________________
>> Kerberos mailing list           Kerberos at
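
An added example, not part of the original message and not code from clhedrick/kerberos: one way the server side of a home-directory service like the one described above could turn an already-authenticated Kerberos principal into the directory it creates. It assumes the Kerberos/GSSAPI accept step has already produced the client principal as a string; the realm `EXAMPLE.ORG`, the function names and the policy (only plain user principals from the local realm) are hypothetical.

```python
import os
import re

LOCAL_REALM = "EXAMPLE.ORG"  # assumption: the site's Kerberos realm
# Conservative login-name pattern: no '/', '.', '\\' or '@', so host/service
# principals, instances such as user/admin, and path tricks never match.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


class Denied(Exception):
    """The authenticated principal is not allowed a home directory here."""


def username_from_principal(principal: str) -> str:
    """Map 'user@LOCAL_REALM' to a local user name; reject everything else."""
    name, sep, realm = principal.rpartition("@")
    if not sep or realm != LOCAL_REALM:
        raise Denied(f"missing or foreign realm: {principal!r}")
    if not USERNAME_RE.fullmatch(name):
        raise Denied(f"not a plain user principal: {principal!r}")
    return name


def create_home(principal: str, base: str, uid: int, gid: int) -> str:
    """Create base/<user> for the authenticated principal and return its path.

    The directory name comes only from the authenticated principal, never
    from a name the client sends in the request body.
    """
    user = username_from_principal(principal)
    path = os.path.join(base, user)
    try:
        os.mkdir(path, 0o700)  # fails on any existing entry, symlinks included
    except FileExistsError:
        if os.path.islink(path) or not os.path.isdir(path):
            raise Denied(f"{path} exists and is not a directory") from None
        return path  # already created: leave it untouched
    os.chown(path, uid, gid)
    return path


if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()  # constructed stand-in for the exported /home
    print(create_home("alice@EXAMPLE.ORG", base, os.getuid(), os.getgid()))
```
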
