Open Source Kerberos Tooling
Overview
Source
KNC
Kharon
krb5_admin
krb5_keytab
k5ping
lnetd
prefork

Quick Description

KNC is Kerberised NetCat. It works in basically the same way as either netcat or stunnel except that it is uses GSS-API to secure the communication. You can use it to construct client/server applications while keeping the Kerberos libraries out of your programs address space quickly and easily.

KNC is used in the Kharon framework as well.

Let’s say that you want to allow a user “dood@EXAMPLE.ORG” to cat /var/log/messages on a server without logging in. You could write this simple shell script called show_log.sh:

#!/bin/sh

if [ X"$KNC_CREDS" != Xdood@EXAMPLE.ORG ]; then
        echo "Permission denied" 1>&2
        exit 1
fi

cat /var/log/messages

You can then run it as a daemon with:

$ KRB5_KTNAME=/path/to/your/keytab knc -l 3666 ./show_log.sh

And remotely connect to it like:

$ knc <service>@<host> 3666 | more

For more usage and examples, please refer to the man page (HTML, PDF).

Download

The current release is 1.7.1. It is now built using the autoconf framework.

Building

To build, just:

        $ ./configure
        $ make

Install it using “make install”.

The configure script it generated via automake and so it will accept the standard --prefix options if you wish to place the final product in a directory other than the default /usr/local/.

Current Development Sources

The current development sources can be obtained via git:

        $ git clone http://oskt.secure-endpoints.com/git/knc
or      $ git clone http://imrryr.org/git/knc
or      $ git clone http://github.com/elric1/knc

The current sources have been converted to use autoconf and libstool and so can be built and installed:

        $ git clone http://imrryr.org/git/knc
        $ cd knc
        $ autoreconf -f -i
        $ ./configure
        $ make
        $ make install

Please note that libknc does not yet have a stable interface and is subject to change. libknc also will not build by default unless one provides a magic flag.

Authors

Bill Squier and Roland C. Dowdeswell.

License

The code is licensed via a BSD/MIT style license.