From Fedora Project Wiki
(Initial test case) |
(Link to the page for testing domain access) |
||
| Line 2: | Line 2: | ||
|description=Work has been done to make <code>krb5</code> configurationless, and unbreak the default <code>/etc/krb5.conf</code> that was distributed with Fedora 17 and earlier. | |description=Work has been done to make <code>krb5</code> configurationless, and unbreak the default <code>/etc/krb5.conf</code> that was distributed with Fedora 17 and earlier. | ||
|setup= | |setup= | ||
# | # [[Features/ActiveDirectory/TestBed|Verify that your Active Directory domain access works]]. If you don't have an Active Directory domain, you can [[Features/ActiveDirectory/TestBed|set one up]]. | ||
# | # Move <code>/etc/krb5.conf</code> away if it exists: | ||
#: <pre>$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak</pre> | #: <pre>$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak</pre> | ||
|actions= | |actions= | ||
# Do a kinit against your Active Directory domain. Yes it's vital that you use the fully capitalized form of the domain name. | # Do a <code>kinit</code> against your Active Directory domain. Yes it's vital that you use the fully capitalized form of the domain name. | ||
#: <pre>$ kinit Administrator@AD.EXAMPLE.COM</pre> | #: <pre>$ kinit Administrator@AD.EXAMPLE.COM</pre> | ||
#: You should be prompted for a password, and no error message should be printed. | #: You should be prompted for a password, and no error message should be printed. | ||
# Now place the <code>/etc/krb5.conf</code> attached to this ticket into place. This is the default config. | |||
#: <pre>$ sudo vi /etc/krb5.conf</pre> | |||
# Do a <code>kinit</code> again. | |||
#: <pre>$ kinit Administrator@AD.EXAMPLE.COM</pre> | |||
|results= | |results= | ||
The <code>kinit</code> should complete successfully | The <code>kinit</code> commands should complete successfully | ||
Look at the ticket that <code>kinit</code> retrieved. It should look something like: | Look at the ticket that <code>kinit</code> retrieved. It should look something like: | ||
Revision as of 13:22, 16 October 2012
Description
Work has been done to make krb5 configurationless, and unbreak the default /etc/krb5.conf that was distributed with Fedora 17 and earlier.
Setup
- Verify that your Active Directory domain access works. If you don't have an Active Directory domain, you can set one up.
- Move
/etc/krb5.confaway if it exists:$ sudo mv /etc/krb5.conf /etc/krb5.conf.bak
How to test
- Do a
kinitagainst your Active Directory domain. Yes it's vital that you use the fully capitalized form of the domain name.$ kinit Administrator@AD.EXAMPLE.COM
- You should be prompted for a password, and no error message should be printed.
- Now place the
/etc/krb5.confattached to this ticket into place. This is the default config.$ sudo vi /etc/krb5.conf
- Do a
kinitagain.$ kinit Administrator@AD.EXAMPLE.COM
Expected Results
The kinit commands should complete successfully
Look at the ticket that kinit retrieved. It should look something like:
$ klist -e
Ticket cache: DIR::/run/user/1000/krb5cc_...
Default principal: Administrator@AD.EXAMPLE.COM
Valid starting Expires Service principal
10/15/12 00:52:34 10/15/12 10:52:34 krbtgt/AD.EXAMPLE.COM@AD.EXAMPLE.COM
renew until 10/16/12 00:52:39, Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96