RubyGems - rkerberos - Versions diffs - 0.2.0 → 0.2.2 - Mend

rkerberos 0.2.0 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

checksums.yaml +4 -4
data/CHANGES.md +59 -0
data/MANIFEST.md +24 -0
data/README.md +55 -3
data/Rakefile +35 -0
data/ext/rkerberos/ccache.c +103 -9
data/ext/rkerberos/config.c +4 -4
data/ext/rkerberos/context.c +63 -8
data/ext/rkerberos/kadm5.c +79 -65
data/ext/rkerberos/keytab.c +237 -106
data/ext/rkerberos/policy.c +1 -1
data/ext/rkerberos/rkerberos.c +264 -8
data/ext/rkerberos/rkerberos.h +2 -0
data/rkerberos.gemspec +16 -7
data/spec/config_spec.rb +4 -4
data/spec/context_spec.rb +36 -0
data/spec/credentials_cache_spec.rb +53 -0
data/spec/kadm5_spec.rb +40 -1
data/spec/krb5_keytab_spec.rb +195 -0
data/spec/krb5_spec.rb +177 -1
metadata +16 -27
data/CHANGES +0 -34
data/Dockerfile +0 -42
data/MANIFEST +0 -16
data/docker/Dockerfile.kdc +0 -16
data/docker/docker-entrypoint.sh +0 -23
data/docker/kadm5.acl +0 -1
data/docker/kdc.conf +0 -13
data/docker/krb5.conf +0 -14
data/docker-compose.yml +0 -44

data/spec/krb5_keytab_spec.rb CHANGED Viewed

@@ -29,6 +29,10 @@ RSpec.describe Kerberos::Krb5::Keytab do
     end
   end
+  after(:all) do
+    FileUtils.rm_f(@keytab_file)
+  end
   subject(:keytab) { described_class.new }
   describe 'constructor' do
@@ -43,4 +47,195 @@ RSpec.describe Kerberos::Krb5::Keytab do
       }.to raise_error(Kerberos::Krb5::Keytab::Exception)
     end
   end
+  describe '#keytab_name and #keytab_type' do
+    it 'returns the underlying name and type strings' do
+      kt = described_class.new(@keytab_name)
+      expect(kt).to respond_to(:keytab_name)
+      expect(kt).to respond_to(:keytab_type)
+      expect(kt.keytab_name).to be_a(String)
+      expect(kt.keytab_type).to be_a(String)
+      # name should include the residual portion we supplied
+      expect(kt.keytab_name).to include(File.basename(@keytab_file))
+      # type should match the scheme
+      expect(kt.keytab_type.downcase).to eq("file")
+    end
+  end
+  describe '#close' do
+    it 'returns true' do
+      kt = described_class.new(@keytab_name)
+      expect(kt.close).to eq(true)
+    end
+    it 'can be called multiple times without error' do
+      kt = described_class.new(@keytab_name)
+      kt.close
+      expect { kt.close }.not_to raise_error
+    end
+    it 'raises an error when calling keytab_name after close' do
+      kt = described_class.new(@keytab_name)
+      kt.close
+      expect { kt.keytab_name }.to raise_error(Kerberos::Krb5::Exception)
+    end
+    it 'raises an error when calling keytab_type after close' do
+      kt = described_class.new(@keytab_name)
+      kt.close
+      expect { kt.keytab_type }.to raise_error(Kerberos::Krb5::Exception)
+    end
+    it 'does not segfault when garbage collected after close' do
+      kt = described_class.new(@keytab_name)
+      kt.close
+      kt = nil
+      GC.start
+    end
+  end
+  describe '.foreach' do
+    it 'yields keytab entries for a valid keytab' do
+      entries = []
+      described_class.foreach(@keytab_name) { |entry| entries << entry }
+      expect(entries.length).to eq(2)
+      entries.each do |entry|
+        expect(entry).to be_a(Kerberos::Krb5::Keytab::Entry)
+        expect(entry.principal).to be_a(String)
+        expect(entry.principal).to match(/@#{Regexp.quote(@realm)}$/)
+        expect(entry.vno).to be_a(Integer)
+        expect(entry.timestamp).to be_a(Time)
+        expect(entry.key).to be_a(Integer)
+      end
+    end
+    it 'uses the default keytab when no name is provided' do
+      # The default keytab may not exist in the test container, so we
+      # just verify it attempts to use it (raises keytab-related error
+      # rather than ArgumentError or similar).
+      begin
+        described_class.foreach { |_| }
+      rescue Kerberos::Krb5::Exception
+        # Expected when default keytab is absent
+      end
+    end
+    it 'raises an error for a non-existent keytab file' do
+      expect {
+        described_class.foreach("FILE:/no/such/keytab") { |_| }
+      }.to raise_error(Kerberos::Krb5::Exception)
+    end
+    it 'raises an error for an invalid keytab type' do
+      expect {
+        described_class.foreach("BOGUS:/tmp/keytab") { |_| }
+      }.to raise_error(Kerberos::Krb5::Exception)
+    end
+    it 'does not leak resources when the block raises' do
+      expect {
+        described_class.foreach(@keytab_name) { |_| raise "boom" }
+      }.to raise_error(RuntimeError, "boom")
+    end
+    it 'does not leak resources when the block breaks' do
+      result = catch(:done) do
+        described_class.foreach(@keytab_name) { |_| throw :done, :escaped }
+        :completed
+      end
+      expect(result).to eq(:escaped)
+    end
+  end
+  describe '#each' do
+    it 'yields keytab entries for a valid keytab' do
+      kt = described_class.new(@keytab_name)
+      entries = []
+      kt.each { |entry| entries << entry }
+      expect(entries.length).to eq(2)
+      entries.each do |entry|
+        expect(entry).to be_a(Kerberos::Krb5::Keytab::Entry)
+        expect(entry.principal).to be_a(String)
+        expect(entry.vno).to be_a(Integer)
+        expect(entry.timestamp).to be_a(Time)
+        expect(entry.key).to be_a(Integer)
+      end
+    end
+    it 'does not leak resources when the block raises' do
+      kt = described_class.new(@keytab_name)
+      expect {
+        kt.each { |_| raise "boom" }
+      }.to raise_error(RuntimeError, "boom")
+    end
+    it 'does not leak resources when the block breaks' do
+      kt = described_class.new(@keytab_name)
+      result = catch(:done) do
+        kt.each { |_| throw :done, :escaped }
+        :completed
+      end
+      expect(result).to eq(:escaped)
+    end
+  end
+  describe '#get_entry' do
+    it 'finds an entry by principal name' do
+      kt = described_class.new(@keytab_name)
+      entry = kt.get_entry("testuser1@#{@realm}")
+      expect(entry).to be_a(Kerberos::Krb5::Keytab::Entry)
+      expect(entry.principal).to eq("testuser1@#{@realm}")
+      expect(entry.vno).to eq(1)
+      expect(entry.timestamp).to be_a(Time)
+      expect(entry.key).to be_a(Integer)
+    end
+    it 'finds an entry filtering by vno' do
+      kt = described_class.new(@keytab_name)
+      entry = kt.get_entry("testuser1@#{@realm}", 1)
+      expect(entry.principal).to eq("testuser1@#{@realm}")
+      expect(entry.vno).to eq(1)
+    end
+    it 'finds an entry filtering by vno and enctype' do
+      kt = described_class.new(@keytab_name)
+      # aes128-cts-hmac-sha1-96 is enctype 17
+      entry = kt.get_entry("testuser1@#{@realm}", 1, 17)
+      expect(entry.principal).to eq("testuser1@#{@realm}")
+      expect(entry.vno).to eq(1)
+      expect(entry.key).to eq(17)
+    end
+    it 'raises an error for a non-existent principal' do
+      kt = described_class.new(@keytab_name)
+      expect {
+        kt.get_entry("bogus@#{@realm}")
+      }.to raise_error(Kerberos::Krb5::Exception)
+    end
+    it 'is aliased as find' do
+      kt = described_class.new(@keytab_name)
+      expect(kt.method(:find)).to eq(kt.method(:get_entry))
+    end
+  end
+  describe '#dup' do
+    it 'creates an independent handle referring to same keytab' do
+      kt1 = described_class.new(@keytab_name)
+      kt2 = kt1.dup
+      expect(kt2).to be_a(described_class)
+      expect(kt2.keytab_name).to eq(kt1.keytab_name)
+      # closing one should not invalidate the other
+      kt1.close
+      expect { kt2.keytab_name }.not_to raise_error
+    end
+    it 'clone is an alias for dup' do
+      kt = described_class.new(@keytab_name)
+      expect(kt.method(:clone)).to eq(kt.method(:dup))
+    end
+  end
 end

data/spec/krb5_spec.rb CHANGED Viewed

@@ -3,6 +3,8 @@
 require 'rkerberos'
 require 'open3'
+require 'pty'
+require 'expect'
 RSpec.describe Kerberos::Krb5 do
   before(:all) do
@@ -10,6 +12,7 @@ RSpec.describe Kerberos::Krb5 do
     Open3.popen3('klist') { |_, _, stderr| @cache_found = false unless stderr.gets.nil? }
     @krb5_conf = ENV['KRB5_CONFIG'] || '/etc/krb5.conf'
     @realm = IO.read(@krb5_conf).split("\n").grep(/default_realm/).first.split('=').last.lstrip.chomp
   end
   subject(:krb5) { described_class.new }
@@ -18,7 +21,7 @@ RSpec.describe Kerberos::Krb5 do
   let(:service) { 'kadmin/admin' }
   it 'has the correct version constant' do
-    expect(Kerberos::Krb5::VERSION).to eq('0.2.0')
+    expect(Kerberos::Krb5::VERSION).to eq('0.2.2')
   end
   it 'accepts a block and yields itself' do
@@ -44,4 +47,177 @@ RSpec.describe Kerberos::Krb5 do
       expect(krb5.method(:default_realm)).to eq(krb5.method(:get_default_realm))
     end
   end
+  describe '#verify_init_creds' do
+    # Some KDC setups may not correctly set the initial password during
+    # entrypoint startup; enforce it here via the admin API so the test is
+    # deterministic.
+    before do
+      user = "testuser1@#{@realm}"
+      Kerberos::Kadm5.new(
+        principal: ENV.fetch('KRB5_ADMIN_PRINCIPAL', 'admin/admin@EXAMPLE.COM'),
+        password: ENV.fetch('KRB5_ADMIN_PASSWORD', 'adminpassword')
+      ) do |kadmin|
+        kadmin.set_password(user, 'changeme')
+      end
+    end
+    it 'responds to verify_init_creds' do
+      expect(krb5).to respond_to(:verify_init_creds)
+    end
+    it 'raises when no credentials have been acquired' do
+      expect { krb5.verify_init_creds }.to raise_error(Kerberos::Krb5::Exception)
+    end
+    it 'validates argument types' do
+      expect { krb5.verify_init_creds(true) }.to raise_error(TypeError)
+      expect { krb5.verify_init_creds(nil, true) }.to raise_error(TypeError)
+      expect { krb5.verify_init_creds(nil, nil, true) }.to raise_error(TypeError)
+    end
+    it 'verifies credentials obtained via password' do
+      krb5.get_init_creds_password(user, 'changeme')
+      expect(krb5.verify_init_creds).to be true
+    end
+    it 'accepts a server principal string' do
+      krb5.get_init_creds_password(user, 'changeme')
+      expect(krb5.verify_init_creds("kadmin/admin@#{@realm}")).to be true
+    end
+    it 'accepts a Keytab object' do
+      krb5.get_init_creds_password(user, 'changeme')
+      kt = Kerberos::Krb5::Keytab.new
+      expect(krb5.verify_init_creds(nil, kt)).to be true
+    end
+    it 'stores additional credentials in provided CredentialsCache' do
+      ccache = Kerberos::Krb5::CredentialsCache.new
+      krb5.get_init_creds_password(user, 'changeme')
+      expect(krb5.verify_init_creds(nil, nil, ccache)).to be true
+      expect(ccache.primary_principal).to be_a(String)
+      expect(ccache.primary_principal).to include('@')
+    end
+    it 'provides authenticate! which acquires and verifies (Zanarotti mitigation)' do
+      expect(krb5).to respond_to(:authenticate!)
+      expect(krb5.authenticate!(user, 'changeme')).to be true
+      expect(krb5.verify_init_creds).to be true
+    end
+    it 'accepts an optional service argument' do
+      expect { krb5.authenticate!(user, 'changeme', 'kadmin/changepw') }.not_to raise_error
+      expect(krb5.verify_init_creds).to be true
+    end
+    it 'validates argument types for authenticate!' do
+      expect { krb5.authenticate!(true, true) }.to raise_error(TypeError)
+    end
+  end
+  describe '#change_password' do
+    before do
+      # Ensure testuser1 has a known password before each test.
+      Kerberos::Kadm5.new(
+        principal: ENV.fetch('KRB5_ADMIN_PRINCIPAL', 'admin/admin@EXAMPLE.COM'),
+        password: ENV.fetch('KRB5_ADMIN_PASSWORD', 'adminpassword')
+      ) do |kadmin|
+        kadmin.set_password(user, 'changeme')
+      end
+    end
+    after do
+      # Reset to known password so later tests are not affected.
+      Kerberos::Kadm5.new(
+        principal: ENV.fetch('KRB5_ADMIN_PRINCIPAL', 'admin/admin@EXAMPLE.COM'),
+        password: ENV.fetch('KRB5_ADMIN_PASSWORD', 'adminpassword')
+      ) do |kadmin|
+        kadmin.set_password(user, 'changeme')
+      end
+    end
+    it 'responds to change_password' do
+      expect(krb5).to respond_to(:change_password)
+    end
+    it 'requires exactly two arguments' do
+      expect { krb5.change_password }.to raise_error(ArgumentError)
+      expect { krb5.change_password('old') }.to raise_error(ArgumentError)
+      expect { krb5.change_password('old', 'new', 'extra') }.to raise_error(ArgumentError)
+    end
+    it 'raises if no principal has been established' do
+      expect { krb5.change_password('changeme', 'newpass1A!') }.to raise_error(Kerberos::Krb5::Exception, /no principal/)
+    end
+    it 'changes the password successfully' do
+      krb5.get_init_creds_password(user, 'changeme')
+      expect(krb5.change_password('changeme', 'Newpass99!')).to be true
+      # Verify we can authenticate with the new password
+      krb5_check = described_class.new
+      expect(krb5_check.get_init_creds_password(user, 'Newpass99!')).to be true
+      krb5_check.close
+    end
+    it 'raises with a meaningful message when the old password is wrong' do
+      krb5.get_init_creds_password(user, 'changeme')
+      expect {
+        krb5.change_password('wrongpass', 'Newpass99!')
+      }.to raise_error(Kerberos::Krb5::Exception, /krb5_(get_init_creds_password|change_password)/)
+    end
+    it 'requires string arguments' do
+      expect { krb5.change_password(1, 'new') }.to raise_error(TypeError)
+      expect { krb5.change_password('old', 1) }.to raise_error(TypeError)
+    end
+    context 'when the KDC rejects the new password due to policy' do
+      let(:policy_user) { "policyuser@#{@realm}" }
+      # Password must satisfy strict_policy (minlength=8, minclasses=3).
+      let(:compliant_pw) { 'Changeme1!' }
+      it 'raises an exception with the KDC rejection reason' do
+        krb5.get_init_creds_password(policy_user, compliant_pw)
+        expect {
+          krb5.change_password(compliant_pw, 'a')
+        }.to raise_error(Kerberos::Krb5::Exception, /krb5_change_password/)
+      end
+    end
+  end
+  describe '#get_init_creds_keytab' do
+    before(:each) do
+      @kt_file = File.join(Dir.tmpdir, "test_get_init_creds_#{Process.pid}_#{rand(10000)}.keytab")
+      PTY.spawn('ktutil') do |reader, writer, _|
+        reader.expect(/ktutil:\s+/)
+        writer.puts("add_entry -password -p testuser1@#{@realm} -k 1 -e aes128-cts-hmac-sha1-96")
+        reader.expect(/Password for #{Regexp.quote("testuser1@#{@realm}")}:\s+/)
+        writer.puts('changeme')
+        reader.expect(/ktutil:\s+/)
+        writer.puts("wkt #{@kt_file}")
+        reader.expect(/ktutil:\s+/)
+        writer.puts('quit')
+      end
+    end
+    it 'responds to get_init_creds_keytab' do
+      expect(krb5).to respond_to(:get_init_creds_keytab)
+    end
+    it 'acquires credentials for a principal from a supplied keytab file' do
+      kt_name = "FILE:#{@kt_file}"
+      expect { krb5.get_init_creds_keytab(user, kt_name) }.not_to raise_error
+      expect(krb5.verify_init_creds).to be true
+    end
+    it 'accepts a CredentialsCache to receive credentials' do
+      ccache = Kerberos::Krb5::CredentialsCache.new
+      kt_name = "FILE:#{@kt_file}"
+      expect { krb5.get_init_creds_keytab(user, kt_name, nil, ccache) }.not_to raise_error
+      expect(ccache.primary_principal).to be_a(String)
+      expect(ccache.primary_principal).to include('@')
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rkerberos
 version: !ruby/object:Gem::Version
-  version: 0.2.0
+  version: 0.2.2
 platform: ruby
 authors:
 - Daniel Berger
@@ -18,7 +18,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-  type: :runtime
+  type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
@@ -63,34 +63,14 @@ email:
 executables: []
 extensions:
 - ext/rkerberos/extconf.rb
-extra_rdoc_files:
-- CHANGES
-- LICENSE
-- MANIFEST
-- README.md
-- ext/rkerberos/ccache.c
-- ext/rkerberos/config.c
-- ext/rkerberos/context.c
-- ext/rkerberos/kadm5.c
-- ext/rkerberos/keytab.c
-- ext/rkerberos/keytab_entry.c
-- ext/rkerberos/policy.c
-- ext/rkerberos/principal.c
-- ext/rkerberos/rkerberos.c
+extra_rdoc_files: []
 files:
-- CHANGES
-- Dockerfile
+- CHANGES.md
 - Gemfile
 - LICENSE
-- MANIFEST
+- MANIFEST.md
 - README.md
 - Rakefile
-- docker-compose.yml
-- docker/Dockerfile.kdc
-- docker/docker-entrypoint.sh
-- docker/kadm5.acl
-- docker/kdc.conf
-- docker/krb5.conf
 - ext/rkerberos/ccache.c
 - ext/rkerberos/config.c
 - ext/rkerberos/context.c
@@ -112,10 +92,19 @@ files:
 - spec/krb5_spec.rb
 - spec/policy_spec.rb
 - spec/principal_spec.rb
-homepage: http://github.com/domcleal/rkerberos
+homepage: http://github.com/rkerberos/rkerberos
 licenses:
 - Artistic-2.0
-metadata: {}
+metadata:
+  homepage_uri: https://github.com/rkerberos/rkerberos
+  bug_tracker_uri: https://github.com/rkerberos/rkerberos/issues
+  changelog_uri: https://github.com/rkerberos/rkerberos/blob/main/CHANGES.md
+  documentation_uri: https://github.com/rkerberos/rkerberos/wiki
+  source_code_uri: https://github.com/rkerberos/rkerberos
+  wiki_uri: https://github.com/rkerberos/rkerberos/wiki
+  github_repo: https://github.com/djberg96/rkerberos
+  funding_uri: https://github.com/sponsors/rkerberos
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib

data/CHANGES DELETED Viewed

@@ -1,34 +0,0 @@
- = 0.2.0 - 14-Feb-2026
-* Added Docker and Podman support for running tests in isolated environments with Kerberos and OpenLDAP services.
-* Updated documentation with modern testing and development workflows, including container-based instructions.
-* Improved compatibility for Ruby 3.4 and later.
-* Enhanced build and test automation using docker-compose and podman-compose.
-* Various bug fixes, code cleanups, and test improvements.
-= 0.1.5 - 17-Oct-2016
-* Fix build error on Ruby 2.0.0/2.1 with CFLAGS concatenation
-= 0.1.4 - 14-Oct-2016
-* Implement db_args functionality in kadmin (fixes #8)
-* Fix a double-free error when setting the realm for a principal
-* Fix an error in policy creation that would sometimes cause a communication failure
-* Set C99 as the C Standard and fix all compiler warnings at this level
-= 0.1.3 - 07-Sep-2013
-* Add optional 'service' argument to get_init_creds_password (fixes #3)
-* Artistic License 2.0 text now included (fixes #2)
-= 0.1.2 - 24-Jun-2013
-* Fix kadm5clnt build issue on EL6
-* Remove admin_keytab references for krb5 1.11
-* Add Gemfile
-* Replace deprecated Config with RbConfig (Ruby 2)
-= 0.1.1 - 08-May-2013
-* Add credential cache argument to get_init_creds_keytab
-* Fixed invalid VALUE declarations affecting non-gcc compilers
-* Add OS X install instructions
-= 0.1.0 - 28-Apr-2011
-* Initial release. This is effectively a re-release of my own custom branch
-  of the krb5-auth library, with some minor changes.

data/Dockerfile DELETED Viewed

@@ -1,42 +0,0 @@
-# Dockerfile for rkerberos Ruby gem testing
-FROM ruby:3.4
-# Install MIT Kerberos, KDC, admin server, and build tools
-RUN apt-get update && \
-        apt-get install -y --no-install-recommends \
-            libkrb5-dev krb5-user krb5-kdc krb5-admin-server rake build-essential && \
-        rm -rf /var/lib/apt/lists/*
-# Set up a working directory
-WORKDIR /app
-# Set admin credentials for tests (matches docker-compose.yml)
-ENV KRB5_ADMIN_PRINCIPAL=admin/admin@EXAMPLE.COM
-ENV KRB5_ADMIN_PASSWORD=adminpassword
-# Copy the gemspec and Gemfile for dependency installation
-COPY Gemfile rkerberos.gemspec ./
-# Install gem dependencies and RSpec
-RUN bundle install && gem install rspec
-# Create a more complete krb5.conf for testing (with kadmin support)
-RUN echo "[libdefaults]\n  default_realm = EXAMPLE.COM\n  dns_lookup_realm = false\n  dns_lookup_kdc = false\n  ticket_lifetime = 24h\n  renew_lifetime = 7d\n  forwardable = true\n[realms]\n  EXAMPLE.COM = {\n    kdc = kerberos-kdc\n    admin_server = kerberos-kdc\n    default_domain = example.com\n  }\n[domain_realm]\n  .example.com = EXAMPLE.COM\n  example.com = EXAMPLE.COM\n[kadmin]\n  default_keys = des-cbc-crc:normal des-cbc-md5:normal aes256-cts:normal aes128-cts:normal rc4-hmac:normal\n  admin_server = kerberos-kdc\n" > /etc/krb5.conf
-# Create a minimal KDC and admin server config, and a permissive ACL for kadmin
-RUN mkdir -p /etc/krb5kdc && \
-    echo "[kdcdefaults]\n kdc_ports = 88\n[kdc]\n profile = /etc/krb5.conf\n" > /etc/krb5kdc/kdc.conf && \
-    echo "admin/admin@EXAMPLE.COM *" > /etc/krb5kdc/kadm5.acl
-# Copy the rest of the code
-COPY . .
-# Compile the C extension
-RUN rake compile
-# Run RSpec tests
-CMD ["bundle", "exec", "rspec"]

data/MANIFEST DELETED Viewed

@@ -1,16 +0,0 @@
-CHANGES
-rkerberos.gemspec
-MANIFEST
-Rakefile
-README
-ext/ccache.c
-ext/context.c
-ext/extconf.rb
-ext/kadm5.c
-ext/keytab.c
-ext/keytab_entry.c
-ext/rkerberos.c
-ext/rkerberos.h
-ext/policy.c
-ext/principal.c
-test/test_krb5.rb

data/docker/Dockerfile.kdc DELETED Viewed

@@ -1,16 +0,0 @@
-FROM debian:bullseye
-RUN apt-get update && \
-    apt-get install -y krb5-kdc krb5-admin-server krb5-user krb5-kdc-ldap ldap-utils expect && \
-    rm -rf /var/lib/apt/lists/*
-# Copy configuration files
-COPY krb5.conf /etc/krb5.conf
-COPY kdc.conf /etc/krb5kdc/kdc.conf
-COPY kadm5.acl /etc/krb5kdc/kadm5.acl
-# Copy entrypoint
-COPY docker-entrypoint.sh /docker-entrypoint.sh
-RUN chmod +x /docker-entrypoint.sh
-ENTRYPOINT ["/docker-entrypoint.sh"]

data/docker/docker-entrypoint.sh DELETED Viewed

@@ -1,23 +0,0 @@
-#!/bin/bash
-set -e
-# Initialize KDC DB if not already present
-if [ ! -f /etc/krb5kdc/.k5.EXAMPLE.COM ]; then
-  printf "masterpassword\nmasterpassword\n" | krb5_newrealm
-  kadmin.local -q "addprinc -pw adminpassword admin/admin"
-fi
-# Create standard test principals for keytab/credential cache tests
-kadmin.local -q "addprinc -pw changeme testuser1@EXAMPLE.COM"
-kadmin.local -q "addprinc -pw changeme zztop@EXAMPLE.COM"
-kadmin.local -q "addprinc -pw changeme martymcfly@EXAMPLE.COM"
-kadmin.local -q "ktadd -k /etc/krb5.keytab testuser1@EXAMPLE.COM"
-kadmin.local -q "ktadd -k /etc/krb5.keytab zztop@EXAMPLE.COM"
-kadmin.local -q "ktadd -k /etc/krb5.keytab martymcfly@EXAMPLE.COM"
-# Start KDC and admin server
-krb5kdc
-kadmind
-# Keep container running
-trap : TERM INT; sleep infinity & wait

data/docker/kadm5.acl DELETED Viewed

	@@ -1 +0,0 @@
1	- admin/admin@EXAMPLE.COM *

data/docker/kdc.conf DELETED Viewed

@@ -1,13 +0,0 @@
-[kdcdefaults]
- kdc_ports = 88
-[realms]
- EXAMPLE.COM = {
-    admin_keytab = /etc/krb5kdc/kadm5.keytab
-    acl_file = /etc/krb5kdc/kadm5.acl
-    dict_file = /usr/share/dict/words
-    key_stash_file = /etc/krb5kdc/.k5.EXAMPLE.COM
-    kdc_ports = 88
-    max_life = 10h 0m 0s
-    max_renewable_life = 7d 0h 0m 0s
- }

data/docker/krb5.conf DELETED Viewed

@@ -1,14 +0,0 @@
-[libdefaults]
-  default_realm = EXAMPLE.COM
-  dns_lookup_realm = false
-  dns_lookup_kdc = false
-[realms]
-  EXAMPLE.COM = {
-    kdc = kerberos-kdc
-    admin_server = kerberos-kdc
-  }
-[domain_realm]
-  .example.com = EXAMPLE.COM
-  example.com = EXAMPLE.COM