nixpkgs/nixos/tests/kerberos/heimdal.nix

import ../make-test-python.nix ({pkgs, ...}: {
  name = "kerberos_server-heimdal";
  machine = { config, libs, pkgs, ...}:
  { services.kerberos_server =
    { enable = true;
      realms = {
        "FOO.BAR".acl = [{principal = "admin"; access = ["add" "cpw"];}];
      };
    };
    krb5 = {
      enable = true;
      kerberos = pkgs.heimdalFull;
      libdefaults = {
        default_realm = "FOO.BAR";
      };
      realms = {
        "FOO.BAR" = {
          admin_server = "machine";
          kdc = "machine";
        };
      };
    };
  };

  testScript = ''
    machine.succeed(
        "kadmin -l init --realm-max-ticket-life='8 day' --realm-max-renewable-life='10 day' FOO.BAR",
        "systemctl restart kadmind.service kdc.service",
    )

    for unit in ["kadmind", "kdc", "kpasswdd"]:
        machine.wait_for_unit(f"{unit}.service")

    machine.succeed(
        "kadmin -l add --password=admin_pw --use-defaults admin",
        "kadmin -l ext_keytab --keytab=admin.keytab admin",
        "kadmin -p admin -K admin.keytab add --password=alice_pw --use-defaults alice",
        "kadmin -l ext_keytab --keytab=alice.keytab alice",
        "kinit -kt alice.keytab alice",
    )
  '';
})
nixos/kerberos: port tests to python 2019-11-23 12:25:27 +00:00			`import ../make-test-python.nix ({pkgs, ...}: {`
kerberos-server: add kerberos option Allow switching out kerberos server implementation. Sharing config is probably sensible, but implementation is different enough to be worth splitting into two files. Not sure this is the correct way to split an implementation, but it works for now. Uses the switch from config.krb5 to select implementation. 2017-11-06 17:41:34 +00:00			`name = "kerberos_server-heimdal";`
			`machine = { config, libs, pkgs, ...}:`
			`{ services.kerberos_server =`
			`{ enable = true;`
			`realms = {`
			`"FOO.BAR".acl = [{principal = "admin"; access = ["add" "cpw"];}];`
			`};`
			`};`
			`krb5 = {`
			`enable = true;`
			`kerberos = pkgs.heimdalFull;`
			`libdefaults = {`
			`default_realm = "FOO.BAR";`
			`};`
			`realms = {`
			`"FOO.BAR" = {`
			`admin_server = "machine";`
			`kdc = "machine";`
			`};`
			`};`
			`};`
			`};`

			`testScript = ''`
nixos/kerberos: port tests to python 2019-11-23 12:25:27 +00:00			`machine.succeed(`
			`"kadmin -l init --realm-max-ticket-life='8 day' --realm-max-renewable-life='10 day' FOO.BAR",`
			`"systemctl restart kadmind.service kdc.service",`
			`)`
kerberos-server: add kerberos option Allow switching out kerberos server implementation. Sharing config is probably sensible, but implementation is different enough to be worth splitting into two files. Not sure this is the correct way to split an implementation, but it works for now. Uses the switch from config.krb5 to select implementation. 2017-11-06 17:41:34 +00:00
nixos/kerberos: port tests to python 2019-11-23 12:25:27 +00:00			`for unit in ["kadmind", "kdc", "kpasswdd"]:`
			`machine.wait_for_unit(f"{unit}.service")`
kerberos-server: add kerberos option Allow switching out kerberos server implementation. Sharing config is probably sensible, but implementation is different enough to be worth splitting into two files. Not sure this is the correct way to split an implementation, but it works for now. Uses the switch from config.krb5 to select implementation. 2017-11-06 17:41:34 +00:00
nixos/kerberos: port tests to python 2019-11-23 12:25:27 +00:00			`machine.succeed(`
			`"kadmin -l add --password=admin_pw --use-defaults admin",`
			`"kadmin -l ext_keytab --keytab=admin.keytab admin",`
			`"kadmin -p admin -K admin.keytab add --password=alice_pw --use-defaults alice",`
			`"kadmin -l ext_keytab --keytab=alice.keytab alice",`
			`"kinit -kt alice.keytab alice",`
			`)`
kerberos-server: add kerberos option Allow switching out kerberos server implementation. Sharing config is probably sensible, but implementation is different enough to be worth splitting into two files. Not sure this is the correct way to split an implementation, but it works for now. Uses the switch from config.krb5 to select implementation. 2017-11-06 17:41:34 +00:00			`'';`
			`})`