# Verifies that the configuration suggested in (non-deprecated) example values
# will result in the expected output.
#
# Scope: only the rendered text of /etc/krb5.conf is checked. The test script
# never contacts a KDC, so the realm and host names below serve purely as
# sample values; nothing here shows that authentication or cross-realm trust
# actually works.

import ../make-test-python.nix ({ pkgs, ...} : {
  name = "krb5-with-example-config";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ eqyiel ];
  };

  # One test node whose only job is to have the krb5 module render its
  # configuration file.
  nodes.machine =
    { pkgs, ... }: {
      krb5 = {
        enable = true;
        # Package supplying the Kerberos implementation for this node.
        kerberos = pkgs.krb5;
        libdefaults = {
          default_realm = "ATHENA.MIT.EDU";
        };
        realms = {
          "ATHENA.MIT.EDU" = {
            admin_server = "athena.mit.edu";
            # A list value; the expected output below has one `kdc =` line
            # per element.
            kdc = [
              "athena01.mit.edu"
              "athena02.mit.edu"
            ];
          };
        };
        # Host/domain to realm mapping; the leading-dot key covers hosts
        # underneath the domain, the bare key covers the domain name itself.
        domain_realm = {
          "example.com" = "EXAMPLE.COM";
          ".example.com" = "EXAMPLE.COM";
        };
        # Cross-realm authentication paths. A value of "." declares a direct
        # path between the two realms, with no intermediate realm.
        capaths = {
          "ATHENA.MIT.EDU" = {
            "EXAMPLE.COM" = ".";
          };
          "EXAMPLE.COM" = {
            "ATHENA.MIT.EDU" = ".";
          };
        };
        appdefaults = {
          pam = {
            debug = false;
            # presumably seconds (36000 s = 10 h) -- TODO confirm against the
            # PAM module that consumes these settings
            ticket_lifetime = 36000;
            renew_lifetime = 36000;
            max_timeout = 30;
            timeout_shift = 2;
            initial_timeout = 1;
          };
        };
        plugins = {
          ccselect = {
            # Turns off the k5identity credential-cache selection module.
            disable = "k5identity";
          };
        };
        # Raw text rather than structured options; in the expected output
        # below it shows up as the final section.
        extraConfig = ''
          [logging]
          kdc = SYSLOG:NOTICE
          admin_server = SYSLOG:NOTICE
          default = SYSLOG:NOTICE
        '';
      };
    };

  testScript =
    # Expected contents of /etc/krb5.conf for the configuration above.
    # Keys within a section appear in sorted order rather than declaration
    # order (compare the pam and domain_realm entries with their definitions).
    # NOTE(review): `diff` reports any difference, whitespace included, so the
    # indentation and spacing inside this literal must match what the module
    # renders -- confirm them against the generated file.
    let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
      [libdefaults]
      default_realm = ATHENA.MIT.EDU

      [realms]
      ATHENA.MIT.EDU = {
      admin_server = athena.mit.edu
      kdc = athena01.mit.edu
      kdc = athena02.mit.edu
      }

      [domain_realm]
      .example.com = EXAMPLE.COM
      example.com = EXAMPLE.COM

      [capaths]
      ATHENA.MIT.EDU = {
      EXAMPLE.COM = .
      }
      EXAMPLE.COM = {
      ATHENA.MIT.EDU = .
      }

      [appdefaults]
      pam = {
      debug = false
      initial_timeout = 1
      max_timeout = 30
      renew_lifetime = 36000
      ticket_lifetime = 36000
      timeout_shift = 2
      }

      [plugins]
      ccselect = {
      disable = k5identity
      }

      [logging]
      kdc = SYSLOG:NOTICE
      admin_server = SYSLOG:NOTICE
      default = SYSLOG:NOTICE
    '';
    in ''
      # succeed() fails the test when the command exits non-zero, which diff
      # does as soon as the rendered file and the snapshot differ.
      machine.succeed(
          "diff /etc/krb5.conf ${snapshot}"
      )
    '';
})