Name Date Size #Lines LOC

..--

READMEH A D05-Jun-20252.8 KiB7153

README

1This directory contains configuration required to run the complete
2pam-krb5 test suite.  If there is no configuration in this directory, many
3of the tests will be skipped.  To enable the full test suite, create the
4following files:
5
6admin-keytab
7
8    A keytab for a principal (in the same realm as the test principal
9    configured in password) that has admin access to inspect and modify
10    that test principal.  For an MIT Kerberos KDC, it needs "mci"
11    permissions in kadm5.acl for that principal.  For a Heimdal KDC, it
12    needs "cpw,list,modify" permissions (obviously, "all" will do).  This
13    file is optional; if not present, the tests requiring admin
14    modification of a principal will be skipped.
15
16krb5.conf
17
18    This is optional and not required if the Kerberos realm used for
19    testing is configured in DNS or your system krb5.conf file and that
20    file is in either /etc/krb5.conf or /usr/local/etc/krb5.conf.
21    Otherwise, create a krb5.conf file that contains the realm information
22    (KDC, kpasswd server, and admin server) for the realm you're using for
23    testing.  You don't need to worry about setting the default realm;
24    this will be done automatically in the generated file used by the test
25    suite.
26
27keytab
28
29    An optional keytab for a principal, which generally should be in the
30    same realm as the user configured in the password file.  This is used
31    to test FAST support with a ticket cache.
32
33password
34
35    This file should contain two lines.  The first line is the
36    fully-qualified principal (including the realm) of a Kerberos
37    principal to use for testing authentication.  The second line is the
38    password for that principal.
39
40    If the realm of the principal is not configured in either DNS or in
41    your system krb5.conf file (/usr/local/etc/krb5.conf or
42    /etc/krb5.conf) with the KDC, kpasswd server, and admin server, you
43    will need to also provide a krb5.conf file in this directory.  See
44    below.
45
46pkinit-cert
47
48    Certificate and private key (concatenated together) for PKINIT
49    authentication for the user listed in the pkinit-principal file.
50    Optional; PKINIT checks will be skipped if this file isn't present.
51
52pkinit-principal
53
54    Principal to use to test PKINIT authentication.  Must be the Kerberos
55    identity corresponding to the certificate and private key given in
56    pkinit-cert.  Optional; PKINIT checks will be skipped if this file
57    isn't present.
58
59-----
60
61Copyright 2017, 2020 Russ Allbery <eagle@eyrie.org>
62Copyright 2011-2012
63    The Board of Trustees of the Leland Stanford Junior University
64
65Copying and distribution of this file, with or without modification, are
66permitted in any medium without royalty provided the copyright notice and
67this notice are preserved.  This file is offered as-is, without any
68warranty.
69
70SPDX-License-Identifier: FSFAP
71