mirror of
https://git.postgresql.org/git/postgresql.git
synced 2026-02-17 11:57:00 +08:00
The GSSAPI encryption patch neglected to update the protocol documentation to describe how to set up a GSSAPI encrypted connection from a client to the server, so fix that by adding the appropriate documentation to protocol.sgml.

The tests added for encryption support were overly long and couldn't be run in parallel due to race conditions; this was largely because each test was setting up its own KDC to perform the tests. Instead, merge the authentication tests and the encryption tests into the original test, where we only create one KDC to run the tests with.

Also, have the tests check what the server's opinion is of the connection and if it was GSS authenticated or encrypted using the pg_stat_gssapi view.

In passing, fix the libpq label for GSSENC-Mode to be consistent with the "PGGSSENCMODE" environment variable.

Missing protocol documentation pointed out by Michael Paquier.
Issues with the tests pointed out by Tom Lane and Peter Eisentraut.

Refactored tests and added documentation by me.

Reviewed by Robbie Harwood (protocol documentation) and Michael Paquier (rework of the tests).

src/test/kerberos/README
Tests for Kerberos/GSSAPI functionality
=======================================

This directory contains a test suite for Kerberos/GSSAPI
functionality.  This requires a full MIT Kerberos installation,
including server and client tools, and is therefore kept separate and
not run by default.

Also, this test suite creates a KDC server that listens for TCP/IP
connections on localhost without any real access control, so it is not
safe to run this on a system where there might be untrusted local
users.

Running the tests
=================

NOTE: You must have given the --enable-tap-tests argument to configure.

Run
    make check
or
    make installcheck

You can use "make installcheck" if you previously did "make install".
In that case, the code in the installation tree is tested.  With
"make check", a temporary installation tree is built from the current
sources and then tested.

Either way, this test initializes, starts, and stops a test Postgres
cluster, as well as a test KDC server.

Requirements
============

MIT Kerberos server and client tools are required.  Heimdal is not
supported.

Debian/Ubuntu packages: krb5-admin-server krb5-kdc krb5-user

RHEL/CentOS/Fedora packages: krb5-server krb5-workstation

FreeBSD port: krb5 (base system has Heimdal)
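
A preflight check for the two conditions this README states (MIT Kerberos
rather than Heimdal, and no other local users on the host), as an added
example that is not part of the PostgreSQL tree. The tool names, the sbin
directories searched, and the use of who(1) as a signal are assumptions.

```shell
#!/bin/sh
# Added example: preflight for src/test/kerberos (not from the PostgreSQL tree).
# Assumptions: the tool names and sbin directories below, and `who` as a
# coarse signal for other local users (it only sees logged-in sessions).
REQUIRED_TOOLS="krb5-config kinit kdb5_util kadmin.local krb5kdc"
SEARCH_DIRS="/usr/sbin /usr/local/sbin /usr/lib/mit/sbin"

# is_mit_vendor STRING: succeed only for the vendor string MIT Kerberos
# reports; Heimdal-based builds report something else and are rejected.
is_mit_vendor() {
    case "$1" in
        "Massachusetts Institute of Technology"*) return 0 ;;
        *) return 1 ;;
    esac
}

# find_tool NAME: print the tool's path; KDC tools usually live in an sbin
# directory that is not on an unprivileged user's PATH.
find_tool() {
    command -v "$1" 2>/dev/null && return 0
    for d in $SEARCH_DIRS; do
        [ -x "$d/$1" ] && { echo "$d/$1"; return 0; }
    done
    return 1
}

# missing_tools: print each required tool that cannot be found.
missing_tools() {
    for t in $REQUIRED_TOOLS; do
        find_tool "$t" >/dev/null || echo "$t"
    done
}

# other_users WHO_OUTPUT ME: print distinct logged-in users other than ME.
other_users() {
    printf '%s\n' "$1" | awk -v me="$2" 'NF && $1 != me && !seen[$1]++ { print $1 }'
}

# preflight: non-zero if the host does not meet the README's conditions.
preflight() {
    rc=0
    vendor=$(krb5-config --vendor 2>/dev/null) || vendor="unknown"
    is_mit_vendor "$vendor" || { echo "need MIT Kerberos, found: $vendor" >&2; rc=1; }
    miss=$(missing_tools)
    [ -z "$miss" ] || { echo "missing tools:" $miss >&2; rc=1; }
    others=$(other_users "$(who)" "$(id -un)")
    [ -z "$others" ] || { echo "other users logged in:" $others >&2; rc=1; }
    return $rc
}
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Saved as a script and invoked with --run, it exits non-zero when any
condition fails, so it can gate "make check".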