KNC

Quick Description

KNC is Kerberised NetCat. It works in basically the same way as either netcat or stunnel except that it is Kerberised. You can use it to construct client/server applications while keeping the Kerberos libraries out of your programs address space quickly and easily.

KNC is used in the Kharon framework as well.

Let’s say that you want to allow a user “dood@EXAMPLE.ORG” to cat /var/log/messages on a server without logging in. You could write this simple shell script called show_log.sh:

#!/bin/sh

if [ X"$KNC_CREDS" != Xdood@EXAMPLE.ORG ]; then
        echo "Permission denied" 1>&2
        exit 1
fi

cat /var/log/messages

You can then run it as a daemon with:

$ KRB5_KTNAME=/path/to/your/keytab knc -l 3666 ./show_log.sh

And remotely connect to it like:

$ knc <service>@<host> 3666 | more

For more usage and examples, please refer to the man page (HTML, PDF).

Download

For now, we provide only a tarball containing 2 files which must be compiled and linked together in order to generate a running executable. There is no Makefile… But the nroff man page srcs w/o Makefile are also included. This will be fixed in the course of time.

KNC 1.6.1 srcs

Building

To build, just use make. You will have to define CFLAGS and LDADD to choose between Heimdal and MIT Kerberos. For Heimdal:

        $ CFLAGS=-DHEIMDAL LDADD=-lgssapi make

and for MIT Kerberos:

        $ LDADD=-lgssapi_krb5 make

Beyond that, we’ll update the document in the future…

Current Development Sources

The current development sources can be obtained via git:

        $ git clone http://oskt.secure-endpoints.com/git/knc

The git repository can also be obtained from:

        $ git clone http://imrryr.org/git/knc

or

        $ git clone http://github.com/elric1/knc

The current sources have been converted to use autoconf and libstool and so can be built and installed:

        $ git clone http://imrryr.org/git/knc
        $ cd knc
        $ autoreconf -f -i
        $ ./configure
        $ make
        $ make install

Please note that libknc does not yet have a stable interface and is subject to change.

Authors

Bill Squier and Roland Dowdeswell.

License

Copyright 2009  Morgan Stanley and Co. Incorporated

Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject
to the following conditions:

The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR
ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF
CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Open Source Kerberos Tooling

Overview Source KNC Kharon krb5_admin krb5_keytab k5ping lnetd prefork	KNC Quick Description KNC is Kerberised NetCat. It works in basically the same way as either netcat or stunnel except that it is Kerberised. You can use it to construct client/server applications while keeping the Kerberos libraries out of your programs address space quickly and easily. KNC is used in the Kharon framework as well. Let’s say that you want to allow a user “dood@EXAMPLE.ORG” to cat /var/log/messages on a server without logging in. You could write this simple shell script called show_log.sh: `#!/bin/sh if [ X"$KNC_CREDS" != Xdood@EXAMPLE.ORG ]; then echo "Permission denied" 1>&2 exit 1 fi cat /var/log/messages` You can then run it as a daemon with: `$ KRB5_KTNAME=/path/to/your/keytab knc -l 3666 ./show_log.sh` And remotely connect to it like: `$ knc <service>@<host> 3666 \| more` For more usage and examples, please refer to the man page (HTML, PDF). Download For now, we provide only a tarball containing 2 files which must be compiled and linked together in order to generate a running executable. There is no Makefile… But the nroff man page srcs w/o Makefile are also included. This will be fixed in the course of time. KNC 1.6.1 srcs Building To build, just use make. You will have to define CFLAGS and LDADD to choose between Heimdal and MIT Kerberos. For Heimdal: `$ CFLAGS=-DHEIMDAL LDADD=-lgssapi make` and for MIT Kerberos: `$ LDADD=-lgssapi_krb5 make` Beyond that, we’ll update the document in the future… Current Development Sources The current development sources can be obtained via git: `$ git clone http://oskt.secure-endpoints.com/git/knc` The git repository can also be obtained from: `$ git clone http://imrryr.org/git/knc` or `$ git clone http://github.com/elric1/knc` The current sources have been converted to use autoconf and libstool and so can be built and installed: `$ git clone http://imrryr.org/git/knc $ cd knc $ autoreconf -f -i $ ./configure $ make $ make install` Please note that libknc does not yet have a stable interface and is subject to change. Authors Bill Squier and Roland Dowdeswell. License Copyright 2009 Morgan Stanley and Co. Incorporated Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. Last updated 2011-11-27 12:06:49 GMT