Re: Kerberos test suite - Mailing list pgsql-hackers

From Michael Paquier
Subject Re: Kerberos test suite
Date
Msg-id 20180227052100.GA2128@paquier.xyz
Whole thread Raw
In response to Kerberos test suite  (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>)
Responses Re: Kerberos test suite
Re: Kerberos test suite
List pgsql-hackers
On Wed, Feb 14, 2018 at 09:27:04AM -0500, Peter Eisentraut wrote:
> Here is a patch with a test suite for the Kerberos/GSSAPI authentication
> functionality.  It's very similar in principle to the recently added
> LDAP tests, and similar caveats apply.
>
> You will need the client and server parts of a krb5 package
> installation, possibly named krb5-workstation and krb5-server, or
> perhaps krb5-user and krb5-kdc.

Thanks.  Could you document that on the README please?  krb5-user and
krb5-kdc is a split from Debian.  For darwin, are you using macports or
homebrew?  I would assume the later, and it would be nice to precise
that in the README as well.  On Debian you need to install as well
krb5-admin-server as it includes kadmin.local which the test needs.
Once I understood that I have been able to run the tests.

> (If it appears to hang for you in the "setting up Kerberos" step, you
> might need more entropy/wait a while.  That problem appears to be
> limited to some virtual machine setups, but the specifics are not
> clear.)

That's one of those "move your mouse" or "type randomly your keyboard"
to generate more entropy for the installation setup?

You have forgotten to update ALWAYS_SUBDIRS in src/test/Makefile.

+my ($stdout, $krb5_version);
+IPC::Run::run [ 'krb5-config', '--version' ], '>', \$stdout or die
"could not execute krb5-config";
+$stdout =~ m/Kerberos 5 release ([0-9]+\.[0-9]+)/ or die "could not get
Kerberos version";
+$krb5_version = $1;
Time for a new routine command_log which executes the command, then
returns stdout and stderr to the caller?

+system_or_bail 'echo secret1 | kinit test1';
Using IPC::Run stuff would be better here.

@@ -1153,6 +1152,11 @@ sub psql
    $params{on_error_stop} = 1 unless defined $params{on_error_stop};
        $params{on_error_die}  = 0 unless defined $params{on_error_die};

+   $connstr .= ' host=localhost' if defined $params{tcpip};
+
+   my @psql_params =
+     ('psql', '-XAtq', '-d', $connstr, '-f', '-');
This bit I don't like.  Wouldn't it be enough to abuse of extra_params
and use a custom connection string?  The last value wins in a psql
command.
--
Michael

Attachment

pgsql-hackers by date:

Previous
From: "Tsunakawa, Takayuki"
Date:
Subject: RE: [bug fix] Cascaded standby cannot start after a clean shutdown
Next
From: Tatsuo Ishii
Date:
Subject: Re: TODO item for broken \s with libedit seems fixed