Kerberos Tests¶

foley performed some tests on the master slave propagation of the kerberos database.

Configuration¶

1. /etc/krb5kdcs/krb5prop.sh is run every hour on kerberos.dev.ru.is which propogates the full database to kerberos-1 and kerberos-2
2. crontab entry for root
   

   23 * * * * /etc/krb5kdc/krb5prop.sh # sync from master

Tests¶

Individual test¶

1. 2012-07-03 (foley) Configured a kerberos linux client in /etc/krb5.conf to only treat each kerberos server as the only one visible. ## Result: PASS Was able to get tickets for foley@DEV.RU.IS successfully.
2. 2012-07-05 (foley) Shut down kdc on individual servers until kinit failed. sudo service krb5-kdc stop
   1. Result: PASS kinit only stopped working when all three kerberos kdc were shut down.
3. 2012-07-05 (foley) Created test user devnet@DEV.RU.IS and watched propogation of password from primary to slave by manually running the update script and performing kinit devnet@DEV.RU.IS to see which passwords worked. To ensure that only the slaves were contacted, the kdc on kerberos was turned off.
   1. Result: PASS Password change propogation worked only when propogation script was run. Tested on both kerberos-1 and kerberos-2
4. 2012-07-05 (foley) Check if crontab is running krb5prop.sh properly
   1. Result: PASS Password that was set in previous hour for devnet@DEV.RU.IS was propogated.
   2. NOTE: you must have a newline at the end of crontab or it invisibly fails