Andrew Bartlett abartlet at samba.org
Fri Dec 18 20:24:46 UTC 2015

On Fri, 2015-12-18 at 16:05 +0100, Andreas Schneider wrote:
> Hello,
> I wonder what the purpose of testprogs/blackbox/test_kinit.sh is? Is
> it to 
> test kinit or the functionality behind it?
> We need to replace this script and it should be in a way that is not
> Kerberos 
> implementation specific.
> Implement a Kerberos independent kinit or can we use a Samba API?

It was written that way to get some coverage of kerberos features that
are not exposed in Samba client tools, but which we expose and need in
the AD DC. 

We also wanted to have some testing with something closer to 'real
world' clients and use cases, so as not to have embarrassing failures
if our internal API (for a silly example) always requested a PAC, but
kinit didn't.

> The same applies to testprogs/blackbox/test_pkinit.sh and 
> testprogs/blackbox/test_kinit_trusts.sh.

Again, we have no Samba API to do PKINIT as a client, so kinit was

I hope this clarifies things.  

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list