RFR 8215032: Support Kerberos cross-realm referrals (RFC 6806)
Weijun Wang
weijun.wang at oracle.com
Thu Jun 6 01:20:05 UTC 2019
Hi Martin,
The new test in the changeset uses a simple homemade KDC and we might want to develop some internal tests that access real KDCs. For the server referral part, I think we can clone some existing cross-realm authentication test and remove the [domain_realm] part in the client's krb5.conf and see if the authentication still succeeds. For the client part, do you have a test procedure?
I've included Siba in this mail, our SQE maintaining the kerberos internal tests.
Thanks,
Max
p.s. I am looking at https://github.com/krb5/krb5/blob/master/src/tests/t_referral.py, which mentions:
113 # Test client referrals. Use the test KDB module for KRBTEST1.COM to
114 # simulate referrals since our built-in modules do not support them.
115 # No cross-realm TGTs are necessary.
Do we also need this test KDB module?
More information about the security-dev
mailing list