Skip to content

Commit

Permalink
Fix test regressions related to krb5 ccache change
Browse files Browse the repository at this point in the history 
We still need to have a temporary ccache for validating credentials
within secrets.tdb, and the test for klist output needs to be updated
for the keyring-backed kerberos ccache.
  • Loading branch information
@anodos325
anodos325 committed Jul 18, 2024
1 parent b6ccee6 commit 67c677c
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 2 deletions.
3 changes: 3 additions & 0 deletions src/middlewared/middlewared/utils/directoryservices/krb5_constants.py
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
import enum

from middlewared.utils import MIDDLEWARE_RUN_DIR

KRB_TKT_CHECK_INTERVAL = 1800
PERSISTENT_KEYRING_PREFIX = 'KEYRING:persistent:'

Expand All @@ -10,6 +12,7 @@ class KRB_Keytab(enum.Enum):

class krb5ccache(enum.Enum):
SYSTEM = f'{PERSISTENT_KEYRING_PREFIX}0'
TEMP = f'{MIDDLEWARE_RUN_DIR}/krb5cc_middleware_temp'
USER = PERSISTENT_KEYRING_PREFIX # middleware appends UID number to this


Expand Down
4 changes: 2 additions & 2 deletions tests/api2/test_032_ad_kerberos.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -333,8 +333,8 @@ def test_verify_nfs_krb_disabled():
def test_kerberos_ticket_management(do_ad_connection):
klist_out = call('kerberos.klist')
assert klist_out['default_principal'].startswith(hostname.upper()), str(klist_out)
assert klist_out['ticket_cache']['type'] == 'FILE'
assert klist_out['ticket_cache']['name'] == '/var/run/middleware/krb5cc_0'
assert klist_out['ticket_cache']['type'] == 'KEYRING'
assert klist_out['ticket_cache']['name'].startswith('persistent:0')
assert len(klist_out['tickets']) != 0

to_check = None
Expand Down

0 comments on commit 67c677c

Please sign in to comment.