diff options
author | Greg Hudson <ghudson@mit.edu> | 2012-06-15 11:14:39 -0400 |
---|---|---|
committer | Greg Hudson <ghudson@mit.edu> | 2012-07-02 00:59:45 -0400 |
commit | d1fe0728c830fe52bdcb5d53c517a9462391069d (patch) | |
tree | 9030eff3f99c4fb2f240380999b09be246b8fb41 /src/tests/dejagnu | |
parent | 49ba7c90fce86581ff6faaa9ee48c80b0be9491e (diff) | |
download | krb5-d1fe0728c830fe52bdcb5d53c517a9462391069d.tar.gz krb5-d1fe0728c830fe52bdcb5d53c517a9462391069d.tar.xz krb5-d1fe0728c830fe52bdcb5d53c517a9462391069d.zip |
Add krb5_kt_client_default API
The default client keytab is intended to be used to automatically
acquire initial credentials for client applications. The current
hardcoded default is a placeholder, and will likely change before
1.11.
Add test framework settings to ensure that a system default client
keytab doesn't interfere with tests, and to allow tests to be written
to deliberately use the default client keytab.
Add documentation about keytabs to the concepts section of the RST
docs, and describe the default client keytab there.
ticket: 7188 (new)
Diffstat (limited to 'src/tests/dejagnu')
-rw-r--r-- | src/tests/dejagnu/config/default.exp | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 8ab4b7902d..192ac6da9f 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -631,7 +631,7 @@ proc envstack_pop { } { # Initialize the envstack # set envvars_tosave { - KRB5_CONFIG KRB5CCNAME KRBTKFILE KRB5RCACHEDIR KRB5_KDC_PROFILE + KRB5_CONFIG KRB5CCNAME KRB5_CLIENT_KTNAME KRB5RCACHEDIR KRB5_KDC_PROFILE } set krb5_init_vars [list ] # XXX -- fix me later! @@ -997,6 +997,12 @@ if [info exists env(KRB5CCNAME)] { catch "unset orig_krb5ccname" } +if [info exists env(KRB5_CLIENT_KTNAME)] { + set orig_krb5clientktname $env(KRB5_CLIENT_KTNAME) +} else { + catch "unset orig_krb5clientktname" +} + if [ info exists env(KRB5RCACHEDIR)] { set orig_krb5rcachedir $env(KRB5RCACHEDIR) } else { @@ -1024,6 +1030,10 @@ proc setup_kerberos_env { {type client} } { set env(KRB5CCNAME) $tmppwd/tkt verbose "KRB5CCNAME=$env(KRB5CCNAME)" + # Direct the Kerberos programs at a local client keytab. + set env(KRB5_CLIENT_KTNAME) $tmppwd/client_keytab + verbose "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)" + # Direct the Kerberos server at a cache file stored in the # temporary directory. set env(KRB5RCACHEDIR) $tmppwd @@ -1049,6 +1059,7 @@ proc setup_kerberos_env { {type client} } { set envfile [open $tmppwd/$type-env.sh w] puts $envfile "KRB5_CONFIG=$env(KRB5_CONFIG)" puts $envfile "KRB5CCNAME=$env(KRB5CCNAME)" + puts $envfile "KRB5_CLIENT_KTNAME=$env(KRB5_CLIENT_KTNAME)" puts $envfile "KRB5RCACHEDIR=$env(KRB5RCACHEDIR)" if [info exists env(KRB5_KDC_PROFILE)] { puts $envfile "KRB5_KDC_PROFILE=$env(KRB5_KDC_PROFILE)" @@ -1056,7 +1067,7 @@ proc setup_kerberos_env { {type client} } { puts $envfile "unset KRB5_KDC_PROFILE" } puts $envfile "export KRB5_CONFIG KRB5CCNAME KRB5RCACHEDIR" - puts $envfile "export KRB5_KDC_PROFILE" + puts $envfile "export KRB5_KDC_PROFILE KRB5_CLIENT_KTNAME" foreach i $krb5_init_vars { regexp "^(\[^=\]*)=(.*)" $i foo evar evalue puts $envfile "$evar=$env($evar)" @@ -1068,6 +1079,7 @@ proc setup_kerberos_env { {type client} } { set envfile [open $tmppwd/$type-env.csh w] puts $envfile "setenv KRB5_CONFIG $env(KRB5_CONFIG)" puts $envfile "setenv KRB5CCNAME $env(KRB5CCNAME)" + puts $envfile "setenv KRB5_CLIENT_KTNAME $env(KRB5_CLIENT_KTNAME)" puts $envfile "setenv KRB5RCACHEDIR $env(KRB5RCACHEDIR)" if [info exists env(KRB5_KDC_PROFILE)] { puts $envfile "setenv KRB5_KDC_PROFILE $env(KRB5_KDC_PROFILE)" |