URL: https://github.com/SSSD/sssd/pull/5428 Author: aborah-sudo Title: #5428: TESTS:sssd-kcm does not store TGT with ssh login using GSSAPI Action: synchronized
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/5428/head:pr5428 git checkout pr5428
From e44abb49b306ec701985a798acee4dfeeb1edfe2 Mon Sep 17 00:00:00 2001 From: aborah <aborah@localhost.localdomain> Date: Fri, 4 Dec 2020 10:51:13 +0530 Subject: [PATCH] TESTS:sssd-kcm does not store TGT with ssh login using GSSAPI A RHEL 8.0 system set up for GSSAPI login for ssh allows to log in but does not actually store the ticket. klist shows no ticket after login. NFS4 with kerberos does not mount a home directory as a result. Verifies: https://github.com/SSSD/sssd/issues/5333 Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1722842 --- src/tests/multihost/alltests/test_krb_fips.py | 35 ++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/src/tests/multihost/alltests/test_krb_fips.py b/src/tests/multihost/alltests/test_krb_fips.py index 8a8784a59f..4e292e810e 100644 --- a/src/tests/multihost/alltests/test_krb_fips.py +++ b/src/tests/multihost/alltests/test_krb_fips.py @@ -6,7 +6,8 @@ import ldap from constants import ds_instance_name, ds_suffix, krb_realm from sssd.testlib.common.expect import pexpect_ssh -from sssd.testlib.common.utils import sssdTools, LdapOperations +from sssd.testlib.common.utils import sssdTools, \ + LdapOperations, SSHClient from sssd.testlib.common.exceptions import SSHLoginException from sssd.testlib.common.exceptions import SSSDException from sssd.testlib.common.libkrb5 import krb5srv @@ -69,6 +70,38 @@ def test_fips_login(self, multihost): else: client.logout() + @pytest.mark.tier1 + def test_kcm_not_store_tgt(self, multihost, backupsssdconf): + """ + :Title: sssd-kcm does not store TGT with ssh + login using GSSAPI + @bugzilla: + https://bugzilla.redhat.com/show_bug.cgi?id=1722842 + """ + client = sssdTools(multihost.client[0]) + domain_params = {'debug_level': '10', + 'ccache_storage': 'memory'} + client.sssd_conf('kcm', domain_params) + multihost.client[0].service_sssd('restart') + multihost.client[0].run_command("systemctl " + "restart sssd-kcm") + ssh = SSHClient(multihost.client[0].sys_hostname, + username='foo3', password='Secret123') + (_, _, exit_status) = ssh.execute_cmd('kdestroy') + assert exit_status == 0 + (_, _, exit_status) = ssh.execute_cmd('kinit foo3', + stdin='Secret123') + assert exit_status == 0 + ssh_k_cmd = 'ssh -oStrictHostKeyChecking=no -K -l foo3 ' \ + + multihost.client[0].sys_hostname + ' klist' + (stdout, _, exit_status) = ssh.execute_cmd(ssh_k_cmd) + ssh.close() + assert exit_status == 0 + for line in stdout.readlines(): + if 'KCM:14583103' in line: + has_cache = True + assert has_cache is True + def test_child_logs_after_receiving_hup(self, multihost): """ :Title: sssd fails to release file descriptor on child
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
