diff options
Diffstat (limited to 'nixpkgs/nixos/tests/krb5')
-rw-r--r-- | nixpkgs/nixos/tests/krb5/default.nix | 4 | ||||
-rw-r--r-- | nixpkgs/nixos/tests/krb5/example-config.nix | 118 |
2 files changed, 122 insertions, 0 deletions
diff --git a/nixpkgs/nixos/tests/krb5/default.nix b/nixpkgs/nixos/tests/krb5/default.nix new file mode 100644 index 000000000000..ede085632c63 --- /dev/null +++ b/nixpkgs/nixos/tests/krb5/default.nix @@ -0,0 +1,4 @@ +{ system ? builtins.currentSystem }: +{ + example-config = import ./example-config.nix { inherit system; }; +} diff --git a/nixpkgs/nixos/tests/krb5/example-config.nix b/nixpkgs/nixos/tests/krb5/example-config.nix new file mode 100644 index 000000000000..33bed481b39f --- /dev/null +++ b/nixpkgs/nixos/tests/krb5/example-config.nix @@ -0,0 +1,118 @@ +# Verifies that the configuration suggested in (non-deprecated) example values +# will result in the expected output. + +import ../make-test-python.nix ({ pkgs, ...} : { + name = "krb5-with-example-config"; + meta = with pkgs.lib.maintainers; { + maintainers = [ eqyiel dblsaiko ]; + }; + + nodes.machine = + { pkgs, ... }: { + security.krb5 = { + enable = true; + package = pkgs.krb5; + settings = { + includedir = [ + "/etc/krb5.conf.d" + ]; + include = [ + "/etc/krb5-extra.conf" + ]; + libdefaults = { + default_realm = "ATHENA.MIT.EDU"; + }; + realms = { + "ATHENA.MIT.EDU" = { + admin_server = "athena.mit.edu"; + kdc = [ + "athena01.mit.edu" + "athena02.mit.edu" + ]; + }; + }; + domain_realm = { + "example.com" = "EXAMPLE.COM"; + ".example.com" = "EXAMPLE.COM"; + }; + capaths = { + "ATHENA.MIT.EDU" = { + "EXAMPLE.COM" = "."; + }; + "EXAMPLE.COM" = { + "ATHENA.MIT.EDU" = "."; + }; + }; + appdefaults = { + pam = { + debug = false; + ticket_lifetime = 36000; + renew_lifetime = 36000; + max_timeout = 30; + timeout_shift = 2; + initial_timeout = 1; + }; + }; + plugins.ccselect.disable = "k5identity"; + logging = { + kdc = "SYSLOG:NOTICE"; + admin_server = "SYSLOG:NOTICE"; + default = "SYSLOG:NOTICE"; + }; + }; + }; + }; + + testScript = + let snapshot = pkgs.writeText "krb5-with-example-config.conf" '' + [appdefaults] + pam = { + debug = false + initial_timeout = 1 + max_timeout = 30 + renew_lifetime = 36000 + ticket_lifetime = 36000 + timeout_shift = 2 + } + + [capaths] + ATHENA.MIT.EDU = { + EXAMPLE.COM = . + } + EXAMPLE.COM = { + ATHENA.MIT.EDU = . + } + + [domain_realm] + .example.com = EXAMPLE.COM + example.com = EXAMPLE.COM + + [libdefaults] + default_realm = ATHENA.MIT.EDU + + [logging] + admin_server = SYSLOG:NOTICE + default = SYSLOG:NOTICE + kdc = SYSLOG:NOTICE + + [plugins] + ccselect = { + disable = k5identity + } + + [realms] + ATHENA.MIT.EDU = { + admin_server = athena.mit.edu + kdc = athena01.mit.edu + kdc = athena02.mit.edu + } + + include /etc/krb5-extra.conf + includedir /etc/krb5.conf.d + ''; + in '' + machine.succeed( + "diff /etc/krb5.conf ${snapshot}" + ) + ''; +}) |