An approach for testing the krb5 KDC, fixes for UPN support

Andreas Schneider asn at
Wed Jan 7 01:12:59 MST 2015

On Tuesday 06 January 2015 13:38:02 Andrew Bartlett wrote:
> G'Day,

Hi Andrew,

> Just a heads-up that I'm looking at how to test the Samba KDC, more than
> just by the side-effects it shows in the krb5 libraries.
> I realise this has serious portability constraints to the MIT codebase,
> but I think this is still worthwhile as a tool for verification.
> 5-tests

This looks interesting.

> I'm doing this because I need a basis to then implement good tests
> around the correct behaviour with regards to the canonicalize flag and
> enterprise principal names, for fixing our enterprise UPN support,
> raised here:

We had issues with the canonicalize flag and enterprise principal in MIT. 
Heimdal has a global flag for it but the way to do it is:;a=commitdiff;h=1527c156317d4b85e7585cf1a957860e3041521a

But we need to set this each time canonicalization is needed. So there a lot 
more places in the code which are missing this.

	-- andreas

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at

More information about the samba-technical mailing list