From Fedora Project Wiki

(Initial test case)
 
(Link to the page for testing domain access)
Line 2: Line 2:
 
|description=Work has been done to make <code>krb5</code> configurationless, and unbreak the default <code>/etc/krb5.conf</code> that was distributed with Fedora 17 and earlier.
 
|description=Work has been done to make <code>krb5</code> configurationless, and unbreak the default <code>/etc/krb5.conf</code> that was distributed with Fedora 17 and earlier.
 
|setup=
 
|setup=
# Make sure you have an Active Directory to access. We'll use <code>AD.EXAMPLE.COM</code>
+
# [[Features/ActiveDirectory/TestBed|Verify that your Active Directory domain access works]]. If you don't have an Active Directory domain, you can [[Features/ActiveDirectory/TestBed|set one up]].
# First run the test below with the config. Move <code>/etc/krb5.conf</code> away if it exists:
+
# Move <code>/etc/krb5.conf</code> away if it exists:
 
#: <pre>$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak</pre>
 
#: <pre>$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak</pre>
# Now run the test below with a default <code>/etc/krb5.conf</code> file. Copy the attached config file into place.
 
#: <pre>$ sudo vi /etc/krb5.conf</pre>
 
 
|actions=
 
|actions=
# Do a kinit against your Active Directory domain. Yes it's vital that you use the fully capitalized form of the domain name.
+
# Do a <code>kinit</code> against your Active Directory domain. Yes it's vital that you use the fully capitalized form of the domain name.
 
#: <pre>$ kinit Administrator@AD.EXAMPLE.COM</pre>
 
#: <pre>$ kinit Administrator@AD.EXAMPLE.COM</pre>
 
#: You should be prompted for a password, and no error message should be printed.
 
#: You should be prompted for a password, and no error message should be printed.
 +
# Now place the <code>/etc/krb5.conf</code> attached to this ticket into place. This is the default config.
 +
#: <pre>$ sudo vi /etc/krb5.conf</pre>
 +
# Do a <code>kinit</code> again.
 +
#: <pre>$ kinit Administrator@AD.EXAMPLE.COM</pre>
 +
  
 
|results=
 
|results=
The <code>kinit</code> should complete successfully
+
The <code>kinit</code> commands should complete successfully
  
 
Look at the ticket that <code>kinit</code> retrieved. It should look something like:
 
Look at the ticket that <code>kinit</code> retrieved. It should look something like:

Revision as of 13:22, 16 October 2012

Description

Work has been done to make krb5 configurationless, and unbreak the default /etc/krb5.conf that was distributed with Fedora 17 and earlier.

Setup

  1. Verify that your Active Directory domain access works. If you don't have an Active Directory domain, you can set one up.
  2. Move /etc/krb5.conf away if it exists:
    $ sudo mv /etc/krb5.conf /etc/krb5.conf.bak

How to test

  1. Do a kinit against your Active Directory domain. Yes it's vital that you use the fully capitalized form of the domain name.
    $ kinit Administrator@AD.EXAMPLE.COM
    You should be prompted for a password, and no error message should be printed.
  2. Now place the /etc/krb5.conf attached to this ticket into place. This is the default config.
    $ sudo vi /etc/krb5.conf
  3. Do a kinit again.
    $ kinit Administrator@AD.EXAMPLE.COM

Expected Results

The kinit commands should complete successfully

Look at the ticket that kinit retrieved. It should look something like:

$ klist -e
Ticket cache: DIR::/run/user/1000/krb5cc_...
Default principal: Administrator@AD.EXAMPLE.COM

Valid starting     Expires            Service principal
10/15/12 00:52:34  10/15/12 10:52:34  krbtgt/AD.EXAMPLE.COM@AD.EXAMPLE.COM
        renew until 10/16/12 00:52:39, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96