nixos/tests/krb5/example-config.nix

   1 # Verifies that the configuration suggested in (non-deprecated) example values
   2 # will result in the expected output.
   3
   4 import ../make-test-python.nix ({ pkgs, ...} : {
   5   name = "krb5-with-example-config";
   6   meta = with pkgs.lib.maintainers; {
   7     maintainers = [ eqyiel ];
   8   };
   9
  10   nodes.machine =
  11     { pkgs, ... }: {
  12       krb5 = {
  13         enable = true;
  14         kerberos = pkgs.krb5Full;
  15         libdefaults = {
  16           default_realm = "ATHENA.MIT.EDU";
  17         };
  18         realms = {
  19           "ATHENA.MIT.EDU" = {
  20             admin_server = "athena.mit.edu";
  21             kdc = [
  22               "athena01.mit.edu"
  23               "athena02.mit.edu"
  24             ];
  25           };
  26         };
  27         domain_realm = {
  28           "example.com" = "EXAMPLE.COM";
  29           ".example.com" = "EXAMPLE.COM";
  30         };
  31         capaths = {
  32           "ATHENA.MIT.EDU" = {
  33             "EXAMPLE.COM" = ".";
  34           };
  35           "EXAMPLE.COM" = {
  36             "ATHENA.MIT.EDU" = ".";
  37           };
  38         };
  39         appdefaults = {
  40           pam = {
  41             debug = false;
  42             ticket_lifetime = 36000;
  43             renew_lifetime = 36000;
  44             max_timeout = 30;
  45             timeout_shift = 2;
  46             initial_timeout = 1;
  47           };
  48         };
  49         plugins = {
  50           ccselect = {
  51             disable = "k5identity";
  52           };
  53         };
  54         extraConfig = ''
  55           [logging]
  56             kdc          = SYSLOG:NOTICE
  57             admin_server = SYSLOG:NOTICE
  58             default      = SYSLOG:NOTICE
  59         '';
  60       };
  61     };
  62
  63   testScript =
  64     let snapshot = pkgs.writeText "krb5-with-example-config.conf" ''
  65       [libdefaults]
  66         default_realm = ATHENA.MIT.EDU
  67
  68       [realms]
  69         ATHENA.MIT.EDU = {
  70           admin_server = athena.mit.edu
  71           kdc = athena01.mit.edu
  72           kdc = athena02.mit.edu
  73         }
  74
  75       [domain_realm]
  76         .example.com = EXAMPLE.COM
  77         example.com = EXAMPLE.COM
  78
  79       [capaths]
  80         ATHENA.MIT.EDU = {
  81           EXAMPLE.COM = .
  82         }
  83         EXAMPLE.COM = {
  84           ATHENA.MIT.EDU = .
  85         }
  86
  87       [appdefaults]
  88         pam = {
  89           debug = false
  90           initial_timeout = 1
  91           max_timeout = 30
  92           renew_lifetime = 36000
  93           ticket_lifetime = 36000
  94           timeout_shift = 2
  95         }
  96
  97       [plugins]
  98         ccselect = {
  99           disable = k5identity
 100         }
 101
 102       [logging]
 103         kdc          = SYSLOG:NOTICE
 104         admin_server = SYSLOG:NOTICE
 105         default      = SYSLOG:NOTICE
 106     '';
 107   in ''
 108     machine.succeed(
 109         "diff /etc/krb5.conf ${snapshot}"
 110     )
 111   '';
 112 })