From 766ba9295705be7c91593b6e7ce5db66bf88d453 Mon Sep 17 00:00:00 2001 From: Russ Allbery Date: Tue, 25 Sep 2007 20:57:06 +0000 Subject: Add support for synchronizing a key with an AFS kaserver in the keytab object implementation, extracting the DES key with Authen::Krb5 (since ktutil doesn't work). Rename the KEYTAB_CACHE variable to KEYTAB_REMCTL_CACHE to match the rest of the keytab retrieval configuration and reorganize the Wallet::Config documentation to group related configuration options for the keytab backend. Fix a column name in the keytab_enctypes table to be more consistent with the rest of the schema. --- perl/t/data/README | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'perl/t/data/README') diff --git a/perl/t/data/README b/perl/t/data/README index 33ec32f..968ec6c 100644 --- a/perl/t/data/README +++ b/perl/t/data/README @@ -27,3 +27,20 @@ and is the Kerberos realm. Again, I do not recommend using a production realm; the test doesn't need a production realm and it's more secure to stick to a test realm. + +In order to test the AFS kaserver synchronization, you will need to grant +the test processes access to a principal with ADMIN rights in a test AFS +kaserver. This should not be pointed at a production cell! Create the +following files: + + test.admin Fully-qualified principal of ADMIN user + test.cell AFS kaserver test cell + +The ADMIN user will be parsed to determine the default realm for +principals created in the kaserver. You cannot use cross-realm +authentication for this test. This AFS kaserver Kerberos v4 realm will +also need to be configured in your local krb.conf (but not krb.realms). + +The test process will create the principals wallet.one and wallet.two and +on success will clean up after itself. If the test fails, they may be +left behind in the AFS kaserver. -- cgit v1.2.3
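Review bot: The file list in the added README text (test.admin, test.cell) gives the ADMIN principal's name and the cell, but nothing in the added lines says where the test gets that principal's credentials. Add a line stating whether a key file, a password or a file described earlier in this README is used, and where it must be placed. In the final paragraph, "If the test fails, they may be left behind" should also say that wallet.one and wallet.two must not already exist in the test cell, and how to remove them by hand after a failed run. Since the test runs with ADMIN rights, a note on what happens to an existing principal with either name would make the "not a production cell" warning concrete.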