1This directory contains configuration required to run the complete 2pam-krb5 test suite. If there is no configuration in this directory, many 3of the tests will be skipped. To enable the full test suite, create the 4following files: 5 6admin-keytab 7 8 A keytab for a principal (in the same realm as the test principal 9 configured in password) that has admin access to inspect and modify 10 that test principal. For an MIT Kerberos KDC, it needs "mci" 11 permissions in kadm5.acl for that principal. For a Heimdal KDC, it 12 needs "cpw,list,modify" permissions (obviously, "all" will do). This 13 file is optional; if not present, the tests requiring admin 14 modification of a principal will be skipped. 15 16krb5.conf 17 18 This is optional and not required if the Kerberos realm used for 19 testing is configured in DNS or your system krb5.conf file and that 20 file is in either /etc/krb5.conf or /usr/local/etc/krb5.conf. 21 Otherwise, create a krb5.conf file that contains the realm information 22 (KDC, kpasswd server, and admin server) for the realm you're using for 23 testing. You don't need to worry about setting the default realm; 24 this will be done automatically in the generated file used by the test 25 suite. 26 27keytab 28 29 An optional keytab for a principal, which generally should be in the 30 same realm as the user configured in the password file. This is used 31 to test FAST support with a ticket cache. 32 33password 34 35 This file should contain two lines. The first line is the 36 fully-qualified principal (including the realm) of a Kerberos 37 principal to use for testing authentication. The second line is the 38 password for that principal. 39 40 If the realm of the principal is not configured in either DNS or in 41 your system krb5.conf file (/usr/local/etc/krb5.conf or 42 /etc/krb5.conf) with the KDC, kpasswd server, and admin server, you 43 will need to also provide a krb5.conf file in this directory. See 44 below. 45 46pkinit-cert 47 48 Certificate and private key (concatenated together) for PKINIT 49 authentication for the user listed in the pkinit-principal file. 50 Optional; PKINIT checks will be skipped if this file isn't present. 51 52pkinit-principal 53 54 Principal to use to test PKINIT authentication. Must be the Kerberos 55 identity corresponding to the certificate and private key given in 56 pkinit-cert. Optional; PKINIT checks will be skipped if this file 57 isn't present. 58 59----- 60 61Copyright 2017, 2020 Russ Allbery <eagle@eyrie.org> 62Copyright 2011-2012 63 The Board of Trustees of the Leland Stanford Junior University 64 65Copying and distribution of this file, with or without modification, are 66permitted in any medium without royalty provided the copyright notice and 67this notice are preserved. This file is offered as-is, without any 68warranty. 69 70SPDX-License-Identifier: FSFAP 71