From Fedora Project Wiki
(Tweaks) |
|||
| Line 3: | Line 3: | ||
In the various instructions replace <code>AD.EXAMPLE.COM</code> with your kerberos realm. Normally this is the same as the domain, but upper case. | In the various instructions replace <code>AD.EXAMPLE.COM</code> with your kerberos realm. Normally this is the same as the domain, but upper case. | ||
== Realm | == Realm Requirements == | ||
You need access to a Kerberos realm in order to perform these tests. | You need access to a Kerberos realm in order to perform these tests. | ||
| Line 10: | Line 10: | ||
If you do not have access to a kerberos realm, you can [[QA:Testcase_Active_Directory_Setup|setup an Active Directory domain]]. Active Directory runs kerberos and is useful to test against. | If you do not have access to a kerberos realm, you can [[QA:Testcase_Active_Directory_Setup|setup an Active Directory domain]]. Active Directory runs kerberos and is useful to test against. | ||
=== Testing DNS === | |||
Use the following commands to do some basic smoke testing that your realm DNS works. The output should look similar, obviously specifics different for your realm. | |||
<pre> | |||
$ host ad.example.com | |||
ad.example.com has address X.X.X.X | |||
$ host -t SRV _kerberos._udp.ad.example.com | |||
_kerberos._udp.ad.example.com has SRV record 0 100 88 domain-controller.ad.example.com. | |||
</pre> | |||
* If any of the above fail, then DNS is not working properly for your realm. | |||
== Software == | == Software == | ||
Revision as of 17:14, 8 May 2013
These are requirements for the various Kerberos test cases.
In the various instructions replace AD.EXAMPLE.COM with your kerberos realm. Normally this is the same as the domain, but upper case.
Realm Requirements
You need access to a Kerberos realm in order to perform these tests.
- The realm should be setup so that it is advertised in DNS correctly, and resolveable from your machine.
- You need an account on the realm, and the account password.
If you do not have access to a kerberos realm, you can setup an Active Directory domain. Active Directory runs kerberos and is useful to test against.
Testing DNS
Use the following commands to do some basic smoke testing that your realm DNS works. The output should look similar, obviously specifics different for your realm.
$ host ad.example.com ad.example.com has address X.X.X.X $ host -t SRV _kerberos._udp.ad.example.com _kerberos._udp.ad.example.com has SRV record 0 100 88 domain-controller.ad.example.com.
- If any of the above fail, then DNS is not working properly for your realm.
Software
The tests require MIT kerberos krb5 version 1.11 or later. Install the following packages:
$ sudo yum install krb5-libs krb5-workstation