QA:Testcase kerberos setup

From FedoraProject

Jump to: navigation, search

These are requirements for the various Kerberos test cases.

In the various instructions replace AD.EXAMPLE.COM with your kerberos realm. Normally this is the same as the domain, but upper case.

Contents

Realm Requirements

You need access to a Kerberos realm in order to perform these tests.

  • The realm should be setup so that it is advertised in DNS correctly, and resolveable from your machine.
  • You need an account on the realm, and the account password.

If you do not have access to a kerberos realm, you can setup an Active Directory domain. Active Directory runs kerberos and is useful to test against.


Testing DNS

Use the following commands to do some basic smoke testing that your realm DNS works. The output should look similar, obviously specifics different for your realm.

$ host ad.example.com
ad.example.com has address X.X.X.X
$ host -t SRV _kerberos._udp.ad.example.com
_kerberos._udp.ad.example.com has SRV record 0 100 88 domain-controller.ad.example.com.
  • If any of the above fail, then DNS is not working properly for your realm.

Software

The tests require MIT kerberos krb5 version 1.11 or later. Install the following packages:

$ sudo yum install krb5-libs krb5-workstation

Config krb5.conf

Old /etc/krb5.conf files distributed with Fedora 17 or earlier were broken. It should not be necessary to have a complex krb5.conf file.

You can replace yours with the default by doing:

$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak
$ sudo yum reinstall krb5-libs