Functional test of KDC for monitoring?

2013-01-11 Thread Jeff Blaine
How are folks performing functional testing of KDCs (without PKINIT)? Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos

Re: Functional test of KDC for monitoring?

2013-01-11 Thread Russ Allbery
Jeff Blaine writes: > How are folks performing functional testing of KDCs (without PKINIT)? Attached -- old and not horribly well-designed, but it works for us. -- Russ Allbery (r...@stanford.edu) Kerb

Re: Functional test of KDC for monitoring?

2013-01-12 Thread Jan-Piet Mens
> How are folks performing functional testing of KDCs (without PKINIT)? We have a very primitive Nagios/Icinga plugin (loosely based on [1]) which invokes `kinit' with a keytab. This verifies that the round-trip principal->KDC->OpenLDAP is possible. -JP [1] http://exchange.nagios.org/dir

Re: Functional test of KDC for monitoring?

2013-01-14 Thread Roland C. Dowdeswell
On Sat, Jan 12, 2013 at 11:19:03AM +0100, Jan-Piet Mens wrote: > > > How are folks performing functional testing of KDCs (without PKINIT)? > > We have a very primitive Nagios/Icinga plugin (loosely based on [1]) > which invokes `kinit' with a keytab. This verifies that the round-trip > principal-

Re: Functional test of KDC for monitoring?

2013-01-15 Thread Nico Williams
On Tue, Jan 15, 2013 at 12:38 AM, Roland C. Dowdeswell wrote: > And [to the MIT developers], I think that it would be nice if there > were either (1) functionality within Kerberos which allowed for > the writing of programs such as this without overriding functions, > i.e. allow library users to t

Re: Functional test of KDC for monitoring?

2013-02-13 Thread John Devitofranceschi
On Jan 15, 2013, at 9:58 AM, Nico Williams wrote: > On Tue, Jan 15, 2013 at 12:38 AM, Roland C. Dowdeswell > wrote: >> And [to the MIT developers], I think that it would be nice if there >> were either (1) functionality within Kerberos which allowed for >> the writing of programs such as this

Re: Functional test of KDC for monitoring?

2013-02-13 Thread Nico Williams
On Wed, Feb 13, 2013 at 6:12 AM, John Devitofranceschi wrote: > One thing that we do is monitor propagation. Something like: > > lpc=get_last_princ_changed; > > master_lpc_kvno=get_kvno(master_kdc, lpc); > > init_error_state; > foreach kdc (@slave_kdc_list) ; do > slave_lpc_kvno= get_kvno

Re: Functional test of KDC for monitoring?

2013-02-14 Thread John Devitofranceschi
On Feb 13, 2013, at 11:21 AM, Nico Williams wrote: > On Wed, Feb 13, 2013 at 6:12 AM, John Devitofranceschi > wrote: >> One thing that we do is monitor propagation. Something like: >> >> lpc=get_last_princ_changed; >> >> master_lpc_kvno=get_kvno(master_kdc, lpc); >> >> init_error_state; >>