(Tweaks) |
(Add about krb5.conf) |
||
(2 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
In the various instructions replace <code>AD.EXAMPLE.COM</code> with your kerberos realm. Normally this is the same as the domain, but upper case. | In the various instructions replace <code>AD.EXAMPLE.COM</code> with your kerberos realm. Normally this is the same as the domain, but upper case. | ||
== Realm | == Realm Requirements == | ||
You need access to a Kerberos realm in order to perform these tests. | You need access to a Kerberos realm in order to perform these tests. | ||
Line 10: | Line 10: | ||
If you do not have access to a kerberos realm, you can [[QA:Testcase_Active_Directory_Setup|setup an Active Directory domain]]. Active Directory runs kerberos and is useful to test against. | If you do not have access to a kerberos realm, you can [[QA:Testcase_Active_Directory_Setup|setup an Active Directory domain]]. Active Directory runs kerberos and is useful to test against. | ||
== Testing DNS == | |||
Use the following commands to do some basic smoke testing that your realm DNS works. The output should look similar, obviously specifics different for your realm. | |||
<pre> | |||
$ host ad.example.com | |||
ad.example.com has address X.X.X.X | |||
$ host -t SRV _kerberos._udp.ad.example.com | |||
_kerberos._udp.ad.example.com has SRV record 0 100 88 domain-controller.ad.example.com. | |||
</pre> | |||
* If any of the above fail, then DNS is not working properly for your realm. | |||
== Software == | == Software == | ||
Line 18: | Line 32: | ||
[[Category:Active_Directory_Test_Cases]] [[Category:Kerberos_Test_Cases]] | [[Category:Active_Directory_Test_Cases]] [[Category:Kerberos_Test_Cases]] | ||
== Config krb5.conf == | |||
Old <code>/etc/krb5.conf</code> files distributed with Fedora 17 or earlier were broken. It should not be necessary to have a complex <code>krb5.conf</code> file. | |||
You can replace yours with the default by doing: | |||
<pre>$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak | |||
$ sudo yum reinstall krb5-libs</pre> |
Latest revision as of 07:12, 9 May 2013
These are requirements for the various Kerberos test cases.
In the various instructions replace AD.EXAMPLE.COM
with your kerberos realm. Normally this is the same as the domain, but upper case.
Realm Requirements
You need access to a Kerberos realm in order to perform these tests.
- The realm should be setup so that it is advertised in DNS correctly, and resolveable from your machine.
- You need an account on the realm, and the account password.
If you do not have access to a kerberos realm, you can setup an Active Directory domain. Active Directory runs kerberos and is useful to test against.
Testing DNS
Use the following commands to do some basic smoke testing that your realm DNS works. The output should look similar, obviously specifics different for your realm.
$ host ad.example.com ad.example.com has address X.X.X.X $ host -t SRV _kerberos._udp.ad.example.com _kerberos._udp.ad.example.com has SRV record 0 100 88 domain-controller.ad.example.com.
- If any of the above fail, then DNS is not working properly for your realm.
Software
The tests require MIT kerberos krb5
version 1.11 or later. Install the following packages:
$ sudo yum install krb5-libs krb5-workstation
Config krb5.conf
Old /etc/krb5.conf
files distributed with Fedora 17 or earlier were broken. It should not be necessary to have a complex krb5.conf
file.
You can replace yours with the default by doing:
$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak $ sudo yum reinstall krb5-libs