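#!/bin/sh
#
# Kerberos fixture for the GSSAPI ssh test: creates a throwaway Heimdal realm
# in a private scratch directory, registers one user principal and one host
# principal, extracts their keys to a keytab, and launches a KDC bound to
# localhost. The variables set here (tmp, kdcpid, kinit, kdestroy, kadmin, ...)
# are consumed by the remainder of the script.

port=3007
realm="TEST.APPLE.COM"

# Fixed credentials for the disposable realm; not secrets.
service="test"
user="local"
pass="local"
server="localhost"

h3ldir="/usr/local/libexec/heimdal/bin"

# The scratch directory holds the password file, the keytab and the
# credential cache. Let mktemp pick an unpredictable name and create it
# atomically: a guessable "/private/tmp/krb5_testing_$$" combined with
# "mkdir -p" would silently reuse a directory (or follow a symlink) that
# another local user had planted in the shared temp directory.
tmp=$(mktemp -d "/private/tmp/krb5_testing.XXXXXX") || exit 1
kt_file="${tmp}/server.keytab"
cc_file="${tmp}/krb5ccache"
pw_file="${tmp}/password-file"
export KRB5CCNAME="FILE:${cc_file}"
export KRB5_KTNAME="FILE:${kt_file}"
export KRB5_CONFIG="${tmp}/kdc.conf"

# Command prefixes; expanded unquoted on purpose so they split into words.
kinit="kinit -c ${KRB5CCNAME}"
kdestroy="kdestroy -c ${KRB5CCNAME}"
klist="klist -c ${KRB5CCNAME}"
kadmin="kadmin -l -r ${realm}"

# Write the password file with owner-only permissions. The umask change is
# confined to a subshell so it does not leak into the rest of the test run.
(
  umask 077
  printf '%s\n' "${pass}" > "${pw_file}"
) || exit 1

#--------------------------#
# Configure and start krb5 #
#--------------------------#
# Instantiate the config template with this run's realm, directory and port.
sed \
  -e "s,[@]realm[@],${realm},g" \
  -e "s,[@]objdir[@],${tmp},g" \
  -e "s,[@]port[@],${port},g" \
  < "${h3ldir}/krb5.conf.in" \
  > "${KRB5_CONFIG}" || exit 1

${kadmin} init \
  --realm-max-ticket-life=1day \
  --realm-max-renewable-life=1month \
  "${realm}" || exit 1

# NOTE: -p places the password on kadmin's command line, where it is visible
# in the process list. Tolerable only because this is a fixed test credential.
${kadmin} add -p "${pass}" --use-defaults "${user}@${realm}" || exit 1
${kadmin} add -r --use-defaults "host/${server}@${realm}" || exit 1
${kadmin} ext_keytab "${user}@${realm}" || exit 1
${kadmin} ext_keytab "host/${server}@${realm}" || exit 1

# Run the KDC in the background, listening on localhost only.
# NOTE(review): --no-sandbox is passed here; confirm it is still required for
# the test and never copied into a non-test configuration.
"/System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kdc" \
  --config-file="${KRB5_CONFIG}" \
  --addresses="localhost" \
  --ports="${port}" \
  --no-sandbox &
kdcpid=$!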
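# Stop the background KDC if the script exits early. The exit status seen by
# the trap is saved and re-raised so an aborted run is not reported as
# success, and the KDC gets SIGTERM (as in the normal cleanup below) rather
# than SIGKILL so it can shut down cleanly.
trap 'kdc_trap_status=$?; kill "${kdcpid}"; echo "signal killing ${kdcpid}"; exit "${kdc_trap_status}"' EXIT

# Fixed delay to let the KDC come up; nothing here verifies it is listening.
sleep 1

# Obtain the initial ticket for the test user. The password is read from a
# file so it does not appear on the command line.
${kinit} --password-file="${pw_file}" "${user}@${realm}" ||
  fail "kinit for ${user}@${realm} failed"

#----------------------#
# Starting ssh testing #
#----------------------#

# Keep a pristine copy of the server config so it can be restored afterwards.
cp "$OBJ/sshd_config" "$OBJ/sshd_config.orig"
cat >> "$OBJ/sshd_config" << __GSSAPI__
# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIStrictAcceptorCheck yes
GSSAPIKeyExchange yes
__GSSAPI__
start_sshd

# SSH to server
# GSSAPITrustDNS=no: do not rely on DNS to canonicalize the server name.
# GSSAPIDelegateCredentials=yes forwards the client's credentials to the
# server; presumably acceptable because the peer is the local test sshd.
if ! ${SSH} -F "$OBJ/ssh_config" \
  -o "GSSAPIAuthentication=yes" \
  -o "GSSAPIDelegateCredentials=yes" \
  -o "GSSAPIKeyExchange=yes" \
  -o "GSSAPITrustDNS=no" \
  somehost true; then
  fail "ssh connect with gssapi failed"
fi

# Restore the server config whether or not the connection succeeded.
cp "$OBJ/sshd_config.orig" "$OBJ/sshd_config"

#--------------#
# Cleanup krb5 #
#--------------#
${kdestroy} --cache="${cc_file}" --all

# Normal path: disarm the trap first, then stop the KDC ourselves.
trap - EXIT
kill "${kdcpid}"

${kadmin} del "host/${server}@${realm}"
${kadmin} del "${user}@${realm}"

# ${tmp:?} aborts instead of running rm -rf on an empty path if tmp is unset.
rm -rf -- "${tmp:?}"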