From d1fe0728c830fe52bdcb5d53c517a9462391069d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 15 Jun 2012 11:14:39 -0400 Subject: Add krb5_kt_client_default API The default client keytab is intended to be used to automatically acquire initial credentials for client applications. The current hardcoded default is a placeholder, and will likely change before 1.11. Add test framework settings to ensure that a system default client keytab doesn't interfere with tests, and to allow tests to be written to deliberately use the default client keytab. Add documentation about keytabs to the concepts section of the RST docs, and describe the default client keytab there. ticket: 7188 (new) --- src/util/k5test.py | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/util') diff --git a/src/util/k5test.py b/src/util/k5test.py index f60cb5d0b..c5669bef2 100644 --- a/src/util/k5test.py +++ b/src/util/k5test.py @@ -309,6 +309,9 @@ Scripts may use the following realm methods and attributes: * realm.keytab: A keytab file in realm.testdir. Initially contains a host keytab unless disabled by the realm construction options. +* realm.client_keytab: A keytab file in realm.testdir. Initially + nonexistent. + * realm.ccache: A ccache file in realm.testdir. Initially contains credentials for user unless disabled by the realm construction options. @@ -705,6 +708,7 @@ class K5Realm(object): self.nfs_princ = 'nfs/%s@%s' % (hostname, self.realm) self.krbtgt_princ = 'krbtgt/%s@%s' % (self.realm, self.realm) self.keytab = os.path.join(self.testdir, 'keytab') + self.client_keytab = os.path.join(self.testdir, 'client_keytab') self.ccache = os.path.join(self.testdir, 'ccache') self.kadmin_ccache = os.path.join(self.testdir, 'kadmin_ccache') self._krb5_conf = _cfg_merge(_default_krb5_conf, krb5_conf) @@ -835,6 +839,7 @@ class K5Realm(object): env['KRB5_KDC_PROFILE'] = filename env['KRB5CCNAME'] = self.ccache env['KRB5_KTNAME'] = self.keytab + env['KRB5_CLIENT_KTNAME'] = self.client_keytab env['KRB5RCACHEDIR'] = self.testdir return env -- cgit