testprogs/blackbox/test_kinit.sh
Andrew Bartlett
abartlet at samba.org
Fri Dec 18 20:24:46 UTC 2015
On Fri, 2015-12-18 at 16:05 +0100, Andreas Schneider wrote:
> Hello,
>
> I wonder what the purpose of testprogs/blackbox/test_kinit.sh is? Is
> it to
> test kinit or the functionality behind it?
>
> We need to replace this script and it should be in a way that is not
> Kerberos
> implementation specific.
>
> Implement a Kerberos independent kinit or can we use a Samba API?
It was written that way to get some coverage of kerberos features that
are not exposed in Samba client tools, but which we expose and need in
the AD DC.
We also wanted to have some testing with something closer to 'real
world' clients and use cases, so as not to have embarrassing failures
if our internal API (for a silly example) always requested a PAC, but
kinit didn't.
> The same applies to testprogs/blackbox/test_pkinit.sh and
> testprogs/blackbox/test_kinit_trusts.sh.
Again, we have no Samba API to do PKINIT as a client, so kinit was
used.
I hope this clarifies things.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list