# Verifies that the configuration suggested in (non-deprecated) example values
# will result in the expected output.
#
# The test defines one node with `security.krb5` enabled and the settings
# below, then compares the generated /etc/krb5.conf with a fixed snapshot.
# Realm, KDC and domain names are example values; the test script itself only
# runs `diff` on the node.

import ../make-test-python.nix ({ pkgs, ...} : {
  name = "krb5-with-example-config";
  meta = with pkgs.lib.maintainers; {
    maintainers = [ eqyiel dblsaiko ];
  };

  nodes.machine =
    { pkgs, ... }: {
      security.krb5 = {
        enable = true;
        package = pkgs.krb5;
        settings = {
          # Rendered as the trailing `includedir` / `include` directives in
          # the snapshot. Files at these paths extend the client
          # configuration, so on a real host they should be writable by root
          # only: anything placed there can redefine realms and KDCs.
          includedir = [
            "/etc/krb5.conf.d"
          ];
          include = [
            "/etc/krb5-extra.conf"
          ];
          libdefaults = {
            default_realm = "ATHENA.MIT.EDU";
          };
          realms = {
            "ATHENA.MIT.EDU" = {
              admin_server = "athena.mit.edu";
              # A list value is rendered as one `kdc = ...` line per element
              # (see the [realms] section of the snapshot).
              kdc = [
                "athena01.mit.edu"
                "athena02.mit.edu"
              ];
            };
          };
          # The leading-dot entry covers hosts below the domain, the bare
          # entry covers the host with exactly that name.
          domain_realm = {
            "example.com" = "EXAMPLE.COM";
            ".example.com" = "EXAMPLE.COM";
          };
          # Cross-realm authentication paths. In krb5.conf a value of "."
          # means the two realms trust each other directly, with no
          # intermediate realm. This is a trust decision in a real deployment;
          # here it is only example data.
          capaths = {
            "ATHENA.MIT.EDU" = {
              "EXAMPLE.COM" = ".";
            };
            "EXAMPLE.COM" = {
              "ATHENA.MIT.EDU" = ".";
            };
          };
          # Per-application defaults for an application named `pam`;
          # presumably read by a Kerberos PAM module (confirm which one).
          # The two lifetimes are presumably in seconds (36000 s = 10 h).
          # NOTE(review): confirm the unit against the consumer.
          appdefaults = {
            pam = {
              debug = false;
              ticket_lifetime = 36000;
              renew_lifetime = 36000;
              max_timeout = 30;
              timeout_shift = 2;
              initial_timeout = 1;
            };
          };
          # The dotted attribute path becomes a nested `ccselect = { ... }`
          # block under [plugins] in the snapshot.
          plugins.ccselect.disable = "k5identity";
          # All three logging entities are sent to syslog at NOTICE severity.
          logging = {
            kdc = "SYSLOG:NOTICE";
            admin_server = "SYSLOG:NOTICE";
            default = "SYSLOG:NOTICE";
          };
        };
      };
    };

  testScript =
    # Expected contents of /etc/krb5.conf for the settings above. In the
    # snapshot the sections, and the keys inside each section, appear in
    # alphabetical order regardless of the order used in `settings`, and the
    # `include` / `includedir` directives come last.
    #
    # NOTE(review): the relative indentation of the lines inside this string
    # is not recoverable from this listing, so they are written flat here.
    # `diff` compares the files byte for byte; nested entries must be indented
    # exactly as the module renders them. Confirm against the generated file.
    let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
      [appdefaults]
      pam = {
      debug = false
      initial_timeout = 1
      max_timeout = 30
      renew_lifetime = 36000
      ticket_lifetime = 36000
      timeout_shift = 2
      }

      [capaths]
      ATHENA.MIT.EDU = {
      EXAMPLE.COM = .
      }
      EXAMPLE.COM = {
      ATHENA.MIT.EDU = .
      }

      [domain_realm]
      .example.com = EXAMPLE.COM
      example.com = EXAMPLE.COM

      [libdefaults]
      default_realm = ATHENA.MIT.EDU

      [logging]
      admin_server = SYSLOG:NOTICE
      default = SYSLOG:NOTICE
      kdc = SYSLOG:NOTICE

      [plugins]
      ccselect = {
      disable = k5identity
      }

      [realms]
      ATHENA.MIT.EDU = {
      admin_server = athena.mit.edu
      kdc = athena01.mit.edu
      kdc = athena02.mit.edu
      }

      include /etc/krb5-extra.conf
      includedir /etc/krb5.conf.d
    '';
  # `diff` exits non-zero on any difference, and `machine.succeed` fails the
  # test when the command does not exit 0, so any drift between the rendered
  # file and the snapshot fails the test.
  in ''
    machine.succeed(
        "diff /etc/krb5.conf ${snapshot}"
    )
  '';
})