blob: 8b68db990132847d1feab4ad78abb89e26138a8f (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
This directory contains additional data files needed to run some tests.
In order to run the keytab tests, you will need to grant the test
processes access to create, download, and remove principals in a test KDC.
This should not be pointed at a production KDC! Then, create the
following files:
test.keytab Keytab for an authorized user
test.principal Principal of the authorized user
test.realm Kerberos realm in which to do testing
This realm will also need to be configured in your local krb5.conf,
including the admin_server for the realm.
The test process will create the principals wallet/one and wallet/two and
on success will clean up after itself. If the test fails, they may be
left behind in the KDC. It will also attempt to create wallet-test/one
and expects that attempt to be rejected by the KDC.
For MIT Kerberos, to grant appropriate permissions, add the line:
<principal> admci wallet/*@<realm>
to the kadm5.acl file for your master KDC for the test realm and restart
kadmind. <principal> is the principal that you are using to test with,
and <realm> is the Kerberos realm.
Again, I do not recommend using a production realm; the test doesn't need
a production realm and it's more secure to stick to a test realm.
In order to test the AFS kaserver synchronization, you will need to grant
the test processes access to a principal with ADMIN rights in a test AFS
kaserver. This should not be pointed at a production cell! Create the
following files:
test.admin Fully-qualified principal of ADMIN user
test.srvtab Kerberos v4 srvtab for the ADMIN user
The ADMIN user will be parsed to determine the default realm for
principals created in the kaserver. You cannot use cross-realm
authentication for this test. This AFS kaserver Kerberos v4 realm will
also need to be configured in your local krb.conf (but not krb.realms).
The test process will create the principals wallet.one and wallet.two and
on success will clean up after itself. If the test fails, they may be
left behind in the AFS kaserver.
|
