search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
vuls: init at 0.27.0
[NixPkgs.git] / nixos / tests / krb5 / example-config.nix
blob33bed481b39fc1ff6890c5745e6f0c8c6f28fb65
1 # Verifies that the configuration suggested in (non-deprecated) example values
2 # will result in the expected output.
3
4 import ../make-test-python.nix ({ pkgs, ...} : {
5   name = "krb5-with-example-config";
6   meta = with pkgs.lib.maintainers; {
7     maintainers = [ eqyiel dblsaiko ];
8   };
9
10   nodes.machine =
11     { pkgs, ... }: {
12       security.krb5 = {
13         enable = true;
14         package = pkgs.krb5;
15         settings = {
16           includedir = [
17             "/etc/krb5.conf.d"
18           ];
19           include = [
20             "/etc/krb5-extra.conf"
21           ];
22           libdefaults = {
23             default_realm = "ATHENA.MIT.EDU";
24           };
25           realms = {
26             "ATHENA.MIT.EDU" = {
27               admin_server = "athena.mit.edu";
28               kdc = [
29                 "athena01.mit.edu"
30                 "athena02.mit.edu"
31               ];
32             };
33           };
34           domain_realm = {
35             "example.com" = "EXAMPLE.COM";
36             ".example.com" = "EXAMPLE.COM";
37           };
38           capaths = {
39             "ATHENA.MIT.EDU" = {
40               "EXAMPLE.COM" = ".";
41             };
42             "EXAMPLE.COM" = {
43               "ATHENA.MIT.EDU" = ".";
44             };
45           };
46           appdefaults = {
47             pam = {
48               debug = false;
49               ticket_lifetime = 36000;
50               renew_lifetime = 36000;
51               max_timeout = 30;
52               timeout_shift = 2;
53               initial_timeout = 1;
54             };
55           };
56           plugins.ccselect.disable = "k5identity";
57           logging = {
58             kdc = "SYSLOG:NOTICE";
59             admin_server = "SYSLOG:NOTICE";
60             default = "SYSLOG:NOTICE";
61           };
62         };
63       };
64     };
65
66   testScript =
67     let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
68       [appdefaults]
69         pam = {
70           debug = false
71           initial_timeout = 1
72           max_timeout = 30
73           renew_lifetime = 36000
74           ticket_lifetime = 36000
75           timeout_shift = 2
76         }
77
78       [capaths]
79         ATHENA.MIT.EDU = {
80           EXAMPLE.COM = .
81         }
82         EXAMPLE.COM = {
83           ATHENA.MIT.EDU = .
84         }
85
86       [domain_realm]
87         .example.com = EXAMPLE.COM
88         example.com = EXAMPLE.COM
89
90       [libdefaults]
91         default_realm = ATHENA.MIT.EDU
92
93       [logging]
94         admin_server = SYSLOG:NOTICE
95         default = SYSLOG:NOTICE
96         kdc = SYSLOG:NOTICE
97
98       [plugins]
99         ccselect = {
100           disable = k5identity
101         }
102
103       [realms]
104         ATHENA.MIT.EDU = {
105           admin_server = athena.mit.edu
106           kdc = athena01.mit.edu
107           kdc = athena02.mit.edu
108         }
109
110       include /etc/krb5-extra.conf
111       includedir /etc/krb5.conf.d
112     '';
113   in ''
114     machine.succeed(
115         "diff /etc/krb5.conf ${snapshot}"
116     )
117   '';
118 })
Nix packages repository - mirror of https://github.com/NixOS/nixpkgs