kerberos testing server/realm
Roland Mainz
rmainz at redhat.com
Tue Sep 2 05:24:48 EDT 2014
----- Original Message -----
> From: "bodik" <bodik at civ.zcu.cz>
> To: kerberos at mit.edu
> Sent: Tuesday, September 2, 2014 10:20:23 AM
> Subject: kerberos testing server/realm
>
> Hello,
>
> I've question regarding testing GSS-API/Kerberos enabled applications.
>
> While working on some tweaks for rsyslogd I found that developers might miss
> a
> testing environment. Of course is possible for everyone to create a TEST
> realm,
> register all needed principals (which could be tough in dynamic clouds) and
> happily test the application at least some it's basic functionality which
> depends on auth...
>
>
> But I was thinking, if there would be something like "static_kdc.c" ? some
> very
> small implementation without all fancy features like PA, crossrealming, heavy
> encryption, something which would just send out session keys to everybody
> having
> some static secrets for anyone ... ?
>
>
> Is there anything like that or even could be this possible ?
> Or am I completely our of line ?
... and while we're making a wishlist for test environments... what about a way to run such a test KDC on a given pipe file (e.g. /tmp/mypipe or /dev/fd/18 or /proc/$parentpid/fd/18 for pipe/socket descriptors inherited by the parent process) so that neither special (root/admin) permissions are required nor IPv[46]/port collisions need to be avoided (think about running hundreds of tests in parallel).
----
Bye,
Roland
--
__ . . __
(o.\ \/ /.o) rmainz at redhat.com
\__\/\/__/ IPA/Kerberos5 team
/O /==\ O\
(;O/ \/ \O;)
More information about the Kerberos
mailing list