Kerberos Tests » History » Version 1
Joseph Foley, 2015-09-05 02:53
| 1 | 1 | Joseph Foley | h1. Kerberos Tests |
|---|---|---|---|
| 2 | |||
| 3 | foley performed some tests on the master slave propagation of the kerberos database. |
||
| 4 | |||
| 5 | h2. Configuration |
||
| 6 | |||
| 7 | # @/etc/krb5kdcs/krb5prop.sh@ is run every hour on @kerberos.dev.ru.is@ which propogates the full database to @kerberos-1@ and @kerberos-2@ |
||
| 8 | # crontab entry for root |
||
| 9 | <pre>23 * * * * /etc/krb5kdc/krb5prop.sh # sync from master</pre> |
||
| 10 | |||
| 11 | h2. Tests |
||
| 12 | |||
| 13 | h3. Individual test |
||
| 14 | |||
| 15 | # 2012-07-03 (foley) Configured a kerberos linux client in @/etc/krb5.conf@ to only treat each kerberos server as the only one visible. ## Result: *PASS* Was able to get tickets for foley@DEV.RU.IS successfully. |
||
| 16 | # 2012-07-05 (foley) Shut down kdc on individual servers until kinit failed. @sudo service krb5-kdc stop@ |
||
| 17 | ## Result: *PASS* kinit only stopped working when all three kerberos kdc were shut down. |
||
| 18 | # 2012-07-05 (foley) Created test user devnet@DEV.RU.IS and watched propogation of password from primary to slave by manually running the update script and performing @kinit devnet@DEV.RU.IS@ to see which passwords worked. To ensure that only the slaves were contacted, the kdc on @kerberos@ was turned off. |
||
| 19 | ## Result: *PASS* Password change propogation worked only when propogation script was run. Tested on both @kerberos-1@ and @kerberos-2@ |
||
| 20 | # 2012-07-05 (foley) Check if crontab is running @krb5prop.sh@ properly |
||
| 21 | ## Result: *PASS* Password that was set in previous hour for devnet@DEV.RU.IS was propogated. |
||
| 22 | ## NOTE: you must have a newline at the end of crontab or it invisibly fails |