QA:Testcase kerberos setup

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Kerberos tests setup page)
 
(Add about krb5.conf)
 
(3 intermediate revisions by one user not shown)
Line 3: Line 3:
 
In the various instructions replace <code>AD.EXAMPLE.COM</code> with your kerberos realm. Normally this is the same as the domain, but upper case.
 
In the various instructions replace <code>AD.EXAMPLE.COM</code> with your kerberos realm. Normally this is the same as the domain, but upper case.
  
== Realm Setup ==
+
== Realm Requirements ==
  
 
You need access to a Kerberos realm in order to perform these tests.  
 
You need access to a Kerberos realm in order to perform these tests.  
* The realm should be setup so that it is advertised in DNS correctly, and resolveable from your machine.
+
* The realm should be setup so that it is advertised in DNS correctly, and resolveable from your machine.
* You need an account on the realm, and the account password.
+
* You need an account on the realm, and the account password.
  
 
If you do not have access to a kerberos realm, you can [[QA:Testcase_Active_Directory_Setup|setup an Active Directory domain]]. Active Directory runs kerberos and is useful to test against.
 
If you do not have access to a kerberos realm, you can [[QA:Testcase_Active_Directory_Setup|setup an Active Directory domain]]. Active Directory runs kerberos and is useful to test against.
 +
 +
 +
== Testing DNS ==
 +
 +
Use the following commands to do some basic smoke testing that your realm DNS works. The output should look similar, obviously specifics different for your realm.
 +
 +
<pre>
 +
$ host ad.example.com
 +
ad.example.com has address X.X.X.X
 +
$ host -t SRV _kerberos._udp.ad.example.com
 +
_kerberos._udp.ad.example.com has SRV record 0 100 88 domain-controller.ad.example.com.
 +
</pre>
 +
 +
* If any of the above fail, then DNS is not working properly for your realm.
  
 
== Software ==
 
== Software ==
  
The tests require kerberos 1.11 or later. Install the following packages:
+
The tests require MIT kerberos <code>krb5</code> version 1.11 or later. Install the following packages:
  
 
<pre>$ sudo yum install krb5-libs krb5-workstation</pre>
 
<pre>$ sudo yum install krb5-libs krb5-workstation</pre>
  
 
[[Category:Active_Directory_Test_Cases]] [[Category:Kerberos_Test_Cases]]
 
[[Category:Active_Directory_Test_Cases]] [[Category:Kerberos_Test_Cases]]
 +
 +
== Config krb5.conf ==
 +
 +
Old <code>/etc/krb5.conf</code> files distributed with Fedora 17 or earlier were broken. It should not be necessary to have a complex <code>krb5.conf</code> file.
 +
 +
You can replace yours with the default by doing:
 +
<pre>$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak
 +
$ sudo yum reinstall krb5-libs</pre>

Latest revision as of 07:12, 9 May 2013

These are requirements for the various Kerberos test cases.

In the various instructions replace AD.EXAMPLE.COM with your kerberos realm. Normally this is the same as the domain, but upper case.

Contents

[edit] Realm Requirements

You need access to a Kerberos realm in order to perform these tests.

  • The realm should be setup so that it is advertised in DNS correctly, and resolveable from your machine.
  • You need an account on the realm, and the account password.

If you do not have access to a kerberos realm, you can setup an Active Directory domain. Active Directory runs kerberos and is useful to test against.


[edit] Testing DNS

Use the following commands to do some basic smoke testing that your realm DNS works. The output should look similar, obviously specifics different for your realm.

$ host ad.example.com
ad.example.com has address X.X.X.X
$ host -t SRV _kerberos._udp.ad.example.com
_kerberos._udp.ad.example.com has SRV record 0 100 88 domain-controller.ad.example.com.
  • If any of the above fail, then DNS is not working properly for your realm.

[edit] Software

The tests require MIT kerberos krb5 version 1.11 or later. Install the following packages:

$ sudo yum install krb5-libs krb5-workstation

[edit] Config krb5.conf

Old /etc/krb5.conf files distributed with Fedora 17 or earlier were broken. It should not be necessary to have a complex krb5.conf file.

You can replace yours with the default by doing:

$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak
$ sudo yum reinstall krb5-libs