An approach for testing the krb5 KDC, fixes for UPN support
Andreas Schneider
asn at samba.org
Wed Jan 7 01:12:59 MST 2015
On Tuesday 06 January 2015 13:38:02 Andrew Bartlett wrote:
> G'Day,
Hi Andrew,
> Just a heads-up that I'm looking at how to test the Samba KDC, more than
> just by the side-effects it shows in the krb5 libraries.
>
> I realise this has serious portability constraints to the MIT codebase,
> but I think this is still worthwhile as a tool for verification.
>
> https://git.samba.org/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/krb
> 5-tests
This looks interesting.
> I'm doing this because I need a basis to then implement good tests
> around the correct behaviour with regards to the canonicalize flag and
> enterprise principal names, for fixing our enterprise UPN support,
> raised here:
>
> https://lists.samba.org/archive/samba/2013-October/176422.html
We had issues with the canonicalize flag and enterprise principal in MIT.
Heimdal has a global flag for it but the way to do it is:
https://git.samba.org/?p=gd/samba/.git;a=commitdiff;h=1527c156317d4b85e7585cf1a957860e3041521a
But we need to set this each time canonicalization is needed. So there a lot
more places in the code which are missing this.
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list