Problems creating a Kerberos test (sw_gethostbyname?)
Andrew Bartlett
abartlet at samba.org
Tue Feb 14 22:25:30 GMT 2006
I'm having some particular difficulty creating an automated kerberos
testsuite for Samba4. The problem is, unlike NTLM, kerberos is very
tied to names and the DNS system. In particular, things we want to test
(in particular DNS-based kdc lookup) are in DNS, and the names of hosts
we want to contact are DNS names.
For the large part, I thought we could cludge around the problem: We
mostly do netbios lookups for our name->IP mappings. However, this
isn't exclusive, sometimes we just do gethostbyname(). Furthermore, the
Heimdal DNS KDC lookup code does deep calls into the resolver library.
To test this area properly, I really need to direct all host lookups to
an 'internal' DNS, pointed at the zone file provision generates.
I can't use the name 'localhost', because that name is meaningless in
kerberos. I need to use a 'real' name. Proper testing would use both
long and short forms of the name.
I'm looking for pointers and suggestions on how we can do this,
hopefully without effectively re-inventing a DNS server, and still
covering all the cases.
Any ideas?
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20060215/9914a86e/attachment.bin
More information about the samba-technical
mailing list