Dre4m Shell
Server IP : 85.214.239.14  /  Your IP : 3.129.210.35
Web Server : Apache/2.4.62 (Debian)
System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.18
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /usr/share/augeas/lenses/dist/tests/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /usr/share/augeas/lenses/dist/tests/test_krb5.aug
module Test_krb5 =

  (* Krb5.conf from Fermilab *)
  let fermi_str = "###
### This krb5.conf template is intended for use with Fermi
### Kerberos v1_2 and later.  Earlier versions may choke on the
### \"auth_to_local = \" lines unless they are commented out.
### The installation process should do all the right things in
### any case, but if you are reading this and haven't updated
### your kerberos product to v1_2 or later, you really should!
###
[libdefaults]
	ticket_lifetime = 1560m
	default_realm = FNAL.GOV
	ccache_type = 4
	default_tgs_enCtypes = des-cbc-crc
	default_tkt_enctypes = des-cbc-crc
	permitted_enctypes = des-cbc-crc des3-cbc-sha1
	default_lifetime = 7d
	renew_lifetime = 7d
	autologin = true
	forward = true
	forwardable = true
	renewable = true
	encrypt = true
        v4_name_convert = {
                host = {
                        rcmd = host
                        }
                }

[realms]
	FNAL.GOV = {
		kdc = krb-fnal-1.fnal.gov:88
		kdc = krb-fnal-2.fnal.gov:88
		kdc = krb-fnal-3.fnal.gov:88
		kdc = krb-fnal-4.fnal.gov:88
		kdc = krb-fnal-5.fnal.gov:88
		kdc = krb-fnal-6.fnal.gov:88
		kdc = krb-fnal-7.fnal.gov:88
		master_kdc = krb-fnal-admin.fnal.gov:88
		admin_server = krb-fnal-admin.fnal.gov
		default_domain = fnal.gov
	}
	WIN.FNAL.GOV = {
		kdc = littlebird.win.fnal.gov:88
		kdc = bigbird.win.fnal.gov:88
		default_domain = fnal.gov
	}
	FERMI.WIN.FNAL.GOV = {
		kdc = sully.fermi.win.fnal.gov:88
		kdc = elmo.fermi.win.fnal.gov:88
		kdc = grover.fermi.win.fnal.gov:88
		kdc = oscar.fermi.win.fnal.gov:88
		kdc = cookie.fermi.win.fnal.gov:88
		kdc = herry.fermi.win.fnal.gov:88
		default_domain = fnal.gov
	}
	UCHICAGO.EDU = {
		kdc = kerberos-0.uchicago.edu
		kdc = kerberos-1.uchicago.edu
		kdc = kerberos-2.uchicago.edu
		admin_server = kerberos.uchicago.edu
		default_domain = uchicago.edu
	}
	PILOT.FNAL.GOV = {
		kdc = i-krb-2.fnal.gov:88
		master_kdc = i-krb-2.fnal.gov:88
		admin_server = i-krb-2.fnal.gov
		default_domain = fnal.gov
        }
	WINBETA.FNAL.GOV = {
		kdc = wbdc1.winbeta.fnal.gov:88
		kdc = wbdc2.winbeta.fnal.gov:88
		default_domain = fnal.gov
	}
	FERMIBETA.WINBETA.FNAL.GOV = {
		kdc = fbdc1.fermibeta.winbeta.fnal.gov:88
		kdc = fbdc2.fermibeta.winbeta.fnal.gov:88
		default_domain = fnal.gov
	}
	CERN.CH = {
		kdc = afsdb2.cern.ch
		kdc = afsdb3.cern.ch
		kdc = afsdb1.cern.ch
		default_domain = cern.ch
		kpasswd_server = afskrb5m.cern.ch
		admin_server = afskrb5m.cern.ch
		v4_name_convert = {
                        host = {
                                rcmd = host
                        }
                }
	}
    1TS.ORG = {
        kdc = kerberos.1ts.org
        admin_server = kerberos.1ts.org
    }
        stanford.edu = {
                kdc = krb5auth1.stanford.edu
                kdc = krb5auth2.stanford.edu
                kdc = krb5auth3.stanford.edu
		master_kdc = krb5auth1.stanford.edu
                admin_server = krb5-admin.stanford.edu
                default_domain = stanford.edu
		krb524_server = krb524.stanford.edu
        }

[instancemapping]
 afs = {
 	cron/* = \"\"
 	cms/* = \"\"
 	afs/* = \"\"
 	e898/* = \"\"
 }

[capaths]

# FNAL.GOV and PILOT.FNAL.GOV are the MIT Kerberos Domains
# FNAL.GOV is production and PILOT is for testing
# The FERMI Windows domain uses the WIN.FNAL.GOV root realm
# with the FERMI.WIN.FNAL.GOV sub-realm where machines and users
# reside.  The WINBETA and FERMIBETA domains are the equivalent
# testing realms for the FERMIBETA domain.  The 2-way transitive
# trust structure of this complex is as follows:
#
# FNAL.GOV <=> PILOT.FNAL.GOV
# FNAL.GOV <=> WIN.FERMI.GOV <=> FERMI.WIN.FERMI.GOV
# PILOT.FNAL.GOV <=> WINBETA.FNAL.GOV <=> FERMIBETA.WINBETA.FNAL.GOV

FNAL.GOV = {
	PILOT.FNAL.GOV = .
	FERMI.WIN.FNAL.GOV = WIN.FNAL.GOV
	WIN.FNAL.GOV = .
	FERMIBETA.WINBETA.FNAL.GOV = WINBETA.FNAL.GOV
	WINBETA.FNAL.GOV = PILOT.FNAL.GOV
}
PILOT.FNAL.GOV = {
	FNAL.GOV = .
	FERMI.WIN.FNAL.GOV = WIN.FNAL.GOV
	WIN.FNAL.GOV = FNAL.GOV
	FERMIBETA.WINBETA.FNAL.GOV = WINBETA.FNAL.GOV
	WINBETA.FNAL.GOV = .
}
WIN.FNAL.GOV = {
	FNAL.GOV = .
	PILOT.FNAL.GOV = FNAL.GOV
	FERMI.WIN.FNAL.GOV = .
	FERMIBETA.WINBETA.FNAL.GOV = WINBETA.FNAL.GOV
	WINBETA.FNAL.GOV = PILOT.FNAL.GOV
}
WINBETA.FNAL.GOV = {
	PILOT.FNAL.GOV = .
	FERMIBETA.WINBETA.FNAL.GOV = .
	FNAL.GOV = PILOT.FNAL.GOV
	FERMI.WIN.FNAL.GOV = WIN.FNAL.GOV
	WIN.FNAL.GOV = PILOT.FNAL.GOV
}

[logging]
	kdc = SYSLOG:info:local1
	admin_server = SYSLOG:info:local2
	default = SYSLOG:err:auth

[domain_realm]
# Fermilab's (non-windows-centric) domains
	.fnal.gov = FNAL.GOV
	.cdms-soudan.org = FNAL.GOV
	.deemz.net = FNAL.GOV
	.dhcp.fnal.gov = FNAL.GOV
	.minos-soudan.org = FNAL.GOV
	i-krb-2.fnal.gov = PILOT.FNAL.GOV
	.win.fnal.gov = WIN.FNAL.GOV
	.fermi.win.fnal.gov = FERMI.WIN.FNAL.GOV
	.winbeta.fnal.gov = WINBETA.FNAL.GOV
	.fermibeta.winbeta.fnal.gov = FERMIBETA.WINBETA.FNAL.GOV
# Fermilab's KCA servers so FERMI.WIN principals work in FNAL.GOV realm
#	winserver.fnal.gov = FERMI.WIN.FNAL.GOV
#	winserver2.fnal.gov = FERMI.WIN.FNAL.GOVA
# Accelerator nodes to FERMI.WIN for Linux/OS X users
	adgroups.fnal.gov = FERMI.WIN.FNAL.GOV
	adusers.fnal.gov = FERMI.WIN.FNAL.GOV
	webad.fnal.gov = FERMI.WIN.FNAL.GOV
# Friends and family (by request)
	.cs.ttu.edu = FNAL.GOV
	.geol.uniovi.es = FNAL.GOV
	.harvard.edu = FNAL.GOV
	.hpcc.ttu.edu = FNAL.GOV
	.infn.it = FNAL.GOV
	.knu.ac.kr  = FNAL.GOV
	.lns.mit.edu = FNAL.GOV
	.ph.liv.ac.uk = FNAL.GOV
	.pha.jhu.edu = FNAL.GOV
	.phys.ttu.edu = FNAL.GOV
	.phys.ualberta.ca = FNAL.GOV
	.physics.lsa.umich.edu = FNAL.GOV
	.physics.ucla.edu = FNAL.GOV
	.physics.ucsb.edu = FNAL.GOV
	.physics.utoronto.ca = FNAL.GOV
	.rl.ac.uk = FNAL.GOV
	.rockefeller.edu = FNAL.GOV
	.rutgers.edu = FNAL.GOV
	.sdsc.edu = FNAL.GOV
	.sinica.edu.tw = FNAL.GOV
	.tsukuba.jp.hep.net = FNAL.GOV
	.ucsd.edu = FNAL.GOV
	.unl.edu = FNAL.GOV
	.in2p3.fr = FNAL.GOV
	.wisc.edu = FNAL.GOV
	.pic.org.es = FNAL.GOV
	.kisti.re.kr = FNAL.GOV

# The whole \"top half\" is replaced during \"ups installAsRoot krb5conf\", so:
# It would probably be a bad idea to change anything on or above this line

# If you need to add any .domains or hosts, put them here
[domain_realm]
	mojo.lunet.edu = FNAL.GOV

[appdefaults]
	default_lifetime = 7d
	retain_ccache = false
	autologin = true
	forward = true
	forwardable = true
	renewable = true
	encrypt = true
	krb5_aklog_path = /usr/bin/aklog

	telnet = {
	}

	rcp = {
		forward = true
		encrypt = false
		allow_fallback = true
	}

	rsh = {
		allow_fallback = true
	}

	rlogin = {
		allow_fallback = false
	}


	login = {
		forwardable = true
		krb5_run_aklog = false
		krb5_get_tickets = true
		krb4_get_tickets = false
		krb4_convert = false
	}

	kinit = {
		forwardable = true
		krb5_run_aklog = false
	}

	kadmin = {
		forwardable = false
	}

	rshd = {
		krb5_run_aklog = false
	}

	ftpd = {
		krb5_run_aklog = false
		default_lifetime = 10h
	}

	pam = {
		debug = false
		forwardable = true
		renew_lifetime = 7d
		ticket_lifetime = 1560m
		krb4_convert = true
		afs_cells = fnal.gov
		krb5_run_aklog = false
	}
"

test Krb5.lns get fermi_str =
  { "#comment" = "##" }
  { "#comment" = "## This krb5.conf template is intended for use with Fermi" }
  { "#comment" = "## Kerberos v1_2 and later.  Earlier versions may choke on the" }
  { "#comment" = "## \"auth_to_local = \" lines unless they are commented out." }
  { "#comment" = "## The installation process should do all the right things in" }
  { "#comment" = "## any case, but if you are reading this and haven't updated" }
  { "#comment" = "## your kerberos product to v1_2 or later, you really should!" }
  { "#comment" = "##" }
  { "libdefaults"
    { "ticket_lifetime" = "1560m" }
    { "default_realm" = "FNAL.GOV" }
    { "ccache_type" = "4" }
    { "default_tgs_enctypes" = "des-cbc-crc" }
    { "#eol" }
    { "default_tkt_enctypes" = "des-cbc-crc" }
    { "#eol" }
    { "permitted_enctypes" = "des-cbc-crc" }
    { "permitted_enctypes" = "des3-cbc-sha1" }
    { "#eol" }
    { "default_lifetime" = "7d" }
    { "renew_lifetime" = "7d" }
    { "autologin" = "true" }
    { "forward" = "true" }
    { "forwardable" = "true" }
    { "renewable" = "true" }
    { "encrypt" = "true" }
    { "v4_name_convert"
      { "host"
        { "rcmd" = "host" }
      }
    }
    {  } }
  { "realms"
    { "realm" = "FNAL.GOV"
      { "kdc" = "krb-fnal-1.fnal.gov:88" }
      { "kdc" = "krb-fnal-2.fnal.gov:88" }
      { "kdc" = "krb-fnal-3.fnal.gov:88" }
      { "kdc" = "krb-fnal-4.fnal.gov:88" }
      { "kdc" = "krb-fnal-5.fnal.gov:88" }
      { "kdc" = "krb-fnal-6.fnal.gov:88" }
      { "kdc" = "krb-fnal-7.fnal.gov:88" }
      { "master_kdc" = "krb-fnal-admin.fnal.gov:88" }
      { "admin_server" = "krb-fnal-admin.fnal.gov" }
      { "default_domain" = "fnal.gov" } }
    { "realm" = "WIN.FNAL.GOV"
      { "kdc" = "littlebird.win.fnal.gov:88" }
      { "kdc" = "bigbird.win.fnal.gov:88" }
      { "default_domain" = "fnal.gov" } }
    { "realm" = "FERMI.WIN.FNAL.GOV"
      { "kdc" = "sully.fermi.win.fnal.gov:88" }
      { "kdc" = "elmo.fermi.win.fnal.gov:88" }
      { "kdc" = "grover.fermi.win.fnal.gov:88" }
      { "kdc" = "oscar.fermi.win.fnal.gov:88" }
      { "kdc" = "cookie.fermi.win.fnal.gov:88" }
      { "kdc" = "herry.fermi.win.fnal.gov:88" }
      { "default_domain" = "fnal.gov" } }
    { "realm" = "UCHICAGO.EDU"
      { "kdc" = "kerberos-0.uchicago.edu" }
      { "kdc" = "kerberos-1.uchicago.edu" }
      { "kdc" = "kerberos-2.uchicago.edu" }
      { "admin_server" = "kerberos.uchicago.edu" }
      { "default_domain" = "uchicago.edu" } }
    { "realm" = "PILOT.FNAL.GOV"
      { "kdc" = "i-krb-2.fnal.gov:88" }
      { "master_kdc" = "i-krb-2.fnal.gov:88" }
      { "admin_server" = "i-krb-2.fnal.gov" }
      { "default_domain" = "fnal.gov" } }
    { "realm" = "WINBETA.FNAL.GOV"
      { "kdc" = "wbdc1.winbeta.fnal.gov:88" }
      { "kdc" = "wbdc2.winbeta.fnal.gov:88" }
      { "default_domain" = "fnal.gov" } }
    { "realm" = "FERMIBETA.WINBETA.FNAL.GOV"
      { "kdc" = "fbdc1.fermibeta.winbeta.fnal.gov:88" }
      { "kdc" = "fbdc2.fermibeta.winbeta.fnal.gov:88" }
      { "default_domain" = "fnal.gov" } }
    { "realm" = "CERN.CH"
      { "kdc" = "afsdb2.cern.ch" }
      { "kdc" = "afsdb3.cern.ch" }
      { "kdc" = "afsdb1.cern.ch" }
      { "default_domain" = "cern.ch" }
      { "kpasswd_server" = "afskrb5m.cern.ch" }
      { "admin_server" = "afskrb5m.cern.ch" }
      { "v4_name_convert"
        { "host"
          { "rcmd" = "host" }
        }
      }
    }
    { "realm" = "1TS.ORG"
      { "kdc" = "kerberos.1ts.org" }
      { "admin_server" = "kerberos.1ts.org" }
    }
    { "realm" = "stanford.edu"
      { "kdc" = "krb5auth1.stanford.edu" }
      { "kdc" = "krb5auth2.stanford.edu" }
      { "kdc" = "krb5auth3.stanford.edu" }
      { "master_kdc" = "krb5auth1.stanford.edu" }
      { "admin_server" = "krb5-admin.stanford.edu" }
      { "default_domain" = "stanford.edu" }
      { "krb524_server" = "krb524.stanford.edu" }
    }
    { } }
  { "instancemapping"
    { "afs"
      { "mapping" = "cron/*" { "value" = "" } }
      { "mapping" = "cms/*"  { "value" = "" } }
      { "mapping" = "afs/*"  { "value" = "" } }
      { "mapping" = "e898/*" { "value" = "" } } }
    { } }
  { "capaths"
    {  }
    { "#comment" = "FNAL.GOV and PILOT.FNAL.GOV are the MIT Kerberos Domains" }
    { "#comment" = "FNAL.GOV is production and PILOT is for testing" }
    { "#comment" = "The FERMI Windows domain uses the WIN.FNAL.GOV root realm" }
    { "#comment" = "with the FERMI.WIN.FNAL.GOV sub-realm where machines and users" }
    { "#comment" = "reside.  The WINBETA and FERMIBETA domains are the equivalent" }
    { "#comment" = "testing realms for the FERMIBETA domain.  The 2-way transitive" }
    { "#comment" = "trust structure of this complex is as follows:" }
    {}
    { "#comment" = "FNAL.GOV <=> PILOT.FNAL.GOV" }
    { "#comment" = "FNAL.GOV <=> WIN.FERMI.GOV <=> FERMI.WIN.FERMI.GOV" }
    { "#comment" = "PILOT.FNAL.GOV <=> WINBETA.FNAL.GOV <=> FERMIBETA.WINBETA.FNAL.GOV" }
    {  }
    { "FNAL.GOV"
      { "PILOT.FNAL.GOV" = "." }
      { "FERMI.WIN.FNAL.GOV" = "WIN.FNAL.GOV" }
      { "WIN.FNAL.GOV" = "." }
      { "FERMIBETA.WINBETA.FNAL.GOV" = "WINBETA.FNAL.GOV" }
      { "WINBETA.FNAL.GOV" = "PILOT.FNAL.GOV" } }
    { "PILOT.FNAL.GOV"
      { "FNAL.GOV" = "." }
      { "FERMI.WIN.FNAL.GOV" = "WIN.FNAL.GOV" }
      { "WIN.FNAL.GOV" = "FNAL.GOV" }
      { "FERMIBETA.WINBETA.FNAL.GOV" = "WINBETA.FNAL.GOV" }
      { "WINBETA.FNAL.GOV" = "." } }
    { "WIN.FNAL.GOV"
      { "FNAL.GOV" = "." }
      { "PILOT.FNAL.GOV" = "FNAL.GOV" }
      { "FERMI.WIN.FNAL.GOV" = "." }
      { "FERMIBETA.WINBETA.FNAL.GOV" = "WINBETA.FNAL.GOV" }
      { "WINBETA.FNAL.GOV" = "PILOT.FNAL.GOV" } }
    { "WINBETA.FNAL.GOV"
      { "PILOT.FNAL.GOV" = "." }
      { "FERMIBETA.WINBETA.FNAL.GOV" = "." }
      { "FNAL.GOV" = "PILOT.FNAL.GOV" }
      { "FERMI.WIN.FNAL.GOV" = "WIN.FNAL.GOV" }
      { "WIN.FNAL.GOV" = "PILOT.FNAL.GOV" } }
    { } }
  { "logging"
    { "kdc"
      { "syslog"
        { "severity" = "info" }
        { "facility" = "local1" } } }
    { "admin_server"
      { "syslog"
        { "severity" = "info" }
        { "facility" = "local2" } } }
    { "default"
      { "syslog"
        { "severity" = "err" }
        { "facility" = "auth" } } }
    {  } }
  { "domain_realm"
    { "#comment" = "Fermilab's (non-windows-centric) domains" }
    { ".fnal.gov" = "FNAL.GOV" }
    { ".cdms-soudan.org" = "FNAL.GOV" }
    { ".deemz.net" = "FNAL.GOV" }
    { ".dhcp.fnal.gov" = "FNAL.GOV" }
    { ".minos-soudan.org" = "FNAL.GOV" }
    { "i-krb-2.fnal.gov" = "PILOT.FNAL.GOV" }
    { ".win.fnal.gov" = "WIN.FNAL.GOV" }
    { ".fermi.win.fnal.gov" = "FERMI.WIN.FNAL.GOV" }
    { ".winbeta.fnal.gov" = "WINBETA.FNAL.GOV" }
    { ".fermibeta.winbeta.fnal.gov" = "FERMIBETA.WINBETA.FNAL.GOV" }
    { "#comment" = "Fermilab's KCA servers so FERMI.WIN principals work in FNAL.GOV realm" }
    { "#comment" = "winserver.fnal.gov = FERMI.WIN.FNAL.GOV" }
    { "#comment" = "winserver2.fnal.gov = FERMI.WIN.FNAL.GOVA" }
    { "#comment" = "Accelerator nodes to FERMI.WIN for Linux/OS X users" }
    { "adgroups.fnal.gov" = "FERMI.WIN.FNAL.GOV" }
    { "adusers.fnal.gov" = "FERMI.WIN.FNAL.GOV" }
    { "webad.fnal.gov" = "FERMI.WIN.FNAL.GOV" }
    { "#comment" = "Friends and family (by request)" }
    { ".cs.ttu.edu" = "FNAL.GOV" }
    { ".geol.uniovi.es" = "FNAL.GOV" }
    { ".harvard.edu" = "FNAL.GOV" }
    { ".hpcc.ttu.edu" = "FNAL.GOV" }
    { ".infn.it" = "FNAL.GOV" }
    { ".knu.ac.kr" = "FNAL.GOV" }
    { ".lns.mit.edu" = "FNAL.GOV" }
    { ".ph.liv.ac.uk" = "FNAL.GOV" }
    { ".pha.jhu.edu" = "FNAL.GOV" }
    { ".phys.ttu.edu" = "FNAL.GOV" }
    { ".phys.ualberta.ca" = "FNAL.GOV" }
    { ".physics.lsa.umich.edu" = "FNAL.GOV" }
    { ".physics.ucla.edu" = "FNAL.GOV" }
    { ".physics.ucsb.edu" = "FNAL.GOV" }
    { ".physics.utoronto.ca" = "FNAL.GOV" }
    { ".rl.ac.uk" = "FNAL.GOV" }
    { ".rockefeller.edu" = "FNAL.GOV" }
    { ".rutgers.edu" = "FNAL.GOV" }
    { ".sdsc.edu" = "FNAL.GOV" }
    { ".sinica.edu.tw" = "FNAL.GOV" }
    { ".tsukuba.jp.hep.net" = "FNAL.GOV" }
    { ".ucsd.edu" = "FNAL.GOV" }
    { ".unl.edu" = "FNAL.GOV" }
    { ".in2p3.fr" = "FNAL.GOV" }
    { ".wisc.edu" = "FNAL.GOV" }
    { ".pic.org.es" = "FNAL.GOV" }
    { ".kisti.re.kr" = "FNAL.GOV" }
    {  }
    { "#comment" = "The whole \"top half\" is replaced during \"ups installAsRoot krb5conf\", so:" }
    { "#comment" = "It would probably be a bad idea to change anything on or above this line" }
    {  }
    { "#comment" = "If you need to add any .domains or hosts, put them here" } }
  { "domain_realm"
    { "mojo.lunet.edu" = "FNAL.GOV" }
    {  } }
  { "appdefaults"
    { "default_lifetime" = "7d" }
    { "retain_ccache" = "false" }
    { "autologin" = "true" }
    { "forward" = "true" }
    { "forwardable" = "true" }
    { "renewable" = "true" }
    { "encrypt" = "true" }
    { "krb5_aklog_path" = "/usr/bin/aklog" }
    {  }
    { "application" = "telnet" }
    {  }
    { "application" = "rcp"
      { "forward" = "true" }
      { "encrypt" = "false" }
      { "allow_fallback" = "true" } }
    {  }
    { "application" = "rsh"
      { "allow_fallback" = "true" } }
    {  }
    { "application" = "rlogin"
      { "allow_fallback" = "false" } }
    {  }
    {  }
    { "application" = "login"
      { "forwardable" = "true" }
      { "krb5_run_aklog" = "false" }
      { "krb5_get_tickets" = "true" }
      { "krb4_get_tickets" = "false" }
      { "krb4_convert" = "false" } }
    {  }
    { "application" = "kinit"
      { "forwardable" = "true" }
      { "krb5_run_aklog" = "false" } }
    {  }
    { "application" = "kadmin"
      { "forwardable" = "false" } }
    {  }
    { "application" = "rshd"
      { "krb5_run_aklog" = "false" } }
    {  }
    { "application" = "ftpd"
      { "krb5_run_aklog" = "false" }
      { "default_lifetime" = "10h" } }
    {  }
    { "application" = "pam"
      { "debug" = "false" }
      { "forwardable" = "true" }
      { "renew_lifetime" = "7d" }
      { "ticket_lifetime" = "1560m" }
      { "krb4_convert" = "true" }
      { "afs_cells" = "fnal.gov" }
      { "krb5_run_aklog" = "false" } } }


(* Example from the krb5 distrubution *)
let dist_str = "[libdefaults]
	default_realm = ATHENA.MIT.EDU
	krb4_config = /usr/kerberos/lib/krb.conf
	krb4_realms = /usr/kerberos/lib/krb.realms

[realms]
	ATHENA.MIT.EDU = {
		admin_server = KERBEROS.MIT.EDU
		default_domain = MIT.EDU
		v4_instance_convert = {
			mit = mit.edu
			lithium = lithium.lcs.mit.edu
		}
	}
	ANDREW.CMU.EDU = {
		admin_server = vice28.fs.andrew.cmu.edu
	}
# use \"kdc =\" if realm admins haven't put SRV records into DNS
        GNU.ORG = {
                kdc = kerberos.gnu.org
                kdc = kerberos-2.gnu.org
                admin_server = kerberos.gnu.org
        }

[domain_realm]
	.mit.edu = ATHENA.MIT.EDU
	mit.edu = ATHENA.MIT.EDU
	.media.mit.edu = MEDIA-LAB.MIT.EDU
	media.mit.edu = MEDIA-LAB.MIT.EDU
	.ucsc.edu = CATS.UCSC.EDU

[logging]
#	kdc = CONSOLE
"

test Krb5.lns get dist_str =
  { "libdefaults"
      { "default_realm" = "ATHENA.MIT.EDU" }
      { "krb4_config" = "/usr/kerberos/lib/krb.conf" }
      { "krb4_realms" = "/usr/kerberos/lib/krb.realms" }
      { } }
    { "realms"
        { "realm" = "ATHENA.MIT.EDU"
            { "admin_server" = "KERBEROS.MIT.EDU" }
            { "default_domain" = "MIT.EDU" }
            { "v4_instance_convert"
                { "mit" = "mit.edu" }
                { "lithium" = "lithium.lcs.mit.edu" } } }
        { "realm" = "ANDREW.CMU.EDU"
            { "admin_server" = "vice28.fs.andrew.cmu.edu" } }
        { "#comment" = "use \"kdc =\" if realm admins haven't put SRV records into DNS" }
        { "realm" = "GNU.ORG"
            { "kdc" = "kerberos.gnu.org" }
            { "kdc" = "kerberos-2.gnu.org" }
            { "admin_server" = "kerberos.gnu.org" } }
        { } }
    { "domain_realm"
        { ".mit.edu" = "ATHENA.MIT.EDU" }
        { "mit.edu" = "ATHENA.MIT.EDU" }
        { ".media.mit.edu" = "MEDIA-LAB.MIT.EDU" }
        { "media.mit.edu" = "MEDIA-LAB.MIT.EDU" }
        { ".ucsc.edu" = "CATS.UCSC.EDU" }
        { } }
    { "logging"
        { "#comment" = "kdc = CONSOLE" } }

(* Test for [libdefaults] *)
test Krb5.libdefaults get "[libdefaults]
	default_realm = ATHENA.MIT.EDU
	krb4_config = /usr/kerberos/lib/krb.conf
	krb4_realms = /usr/kerberos/lib/krb.realms\n\n" =
  { "libdefaults"
    { "default_realm" = "ATHENA.MIT.EDU" }
    { "krb4_config" = "/usr/kerberos/lib/krb.conf" }
    { "krb4_realms" = "/usr/kerberos/lib/krb.realms" }
    { } }

(* Test for [appfdefaults] *)
test Krb5.appdefaults get "[appdefaults]\n\tdefault_lifetime = 7d\n" =
  { "appdefaults" { "default_lifetime" = "7d" } }

test Krb5.appdefaults get
 "[appdefaults]\nrcp = { \n forward = true\n  encrypt = false\n  }\n" =
  { "appdefaults"
      { "application" = "rcp"
          { "forward" = "true" }
          { "encrypt" = "false" } } }

test Krb5.appdefaults get "[appdefaults]\ntelnet = {\n\t}\n" =
  { "appdefaults" { "application" = "telnet" } }

test Krb5.appdefaults get  "[appdefaults]
  rcp = {
    forward = true
    ATHENA.MIT.EDU = {
      encrypt = false
    }
    MEDIA-LAB.MIT.EDU = {
      encrypt = true
    }
    forwardable = true
  }\n"  =
  { "appdefaults"
      { "application" = "rcp"
          { "forward" = "true" }
          { "realm" = "ATHENA.MIT.EDU"
              { "encrypt" = "false" } }
          { "realm" = "MEDIA-LAB.MIT.EDU"
              { "encrypt" = "true" } }
          { "forwardable" = "true" } } }

let appdef = "[appdefaults]
	default_lifetime = 7d
	retain_ccache = false
	autologin = true
	forward = true
	forwardable = true
	renewable = true
	encrypt = true
	krb5_aklog_path = /usr/bin/aklog

	telnet = {
	}

	rcp = {
		forward = true
		encrypt = false
		allow_fallback = true
	}

	rsh = {
		allow_fallback = true
	}

	rlogin = {
		allow_fallback = false
	}


	login = {
		forwardable = true
		krb5_run_aklog = false
		krb5_get_tickets = true
		krb4_get_tickets = false
		krb4_convert = false
	}

	kinit = {
		forwardable = true
		krb5_run_aklog = false
	}

	kadmin = {
		forwardable = false
	}

	rshd = {
		krb5_run_aklog = false
	}

	ftpd = {
		krb5_run_aklog = false
		default_lifetime = 10h
	}

	pam = {
		debug = false
		forwardable = true
		renew_lifetime = 7d
		ticket_lifetime = 1560m
		krb4_convert = true
		afs_cells = fnal.gov
		krb5_run_aklog = false
	}\n"

let appdef_tree =
  { "appdefaults"
    { "default_lifetime" = "7d" }
    { "retain_ccache" = "false" }
    { "autologin" = "true" }
    { "forward" = "true" }
    { "forwardable" = "true" }
    { "renewable" = "true" }
    { "encrypt" = "true" }
    { "krb5_aklog_path" = "/usr/bin/aklog" }
    {  }
    { "application" = "telnet" }
    {  }
    { "application" = "rcp"
      { "forward" = "true" }
      { "encrypt" = "false" }
      { "allow_fallback" = "true" }
    }
    {  }
    { "application" = "rsh"
      { "allow_fallback" = "true" }
    }
    {  }
    { "application" = "rlogin"
      { "allow_fallback" = "false" }
    }
    {  }
    {  }
    { "application" = "login"
      { "forwardable" = "true" }
      { "krb5_run_aklog" = "false" }
      { "krb5_get_tickets" = "true" }
      { "krb4_get_tickets" = "false" }
      { "krb4_convert" = "false" }
    }
    {  }
    { "application" = "kinit"
      { "forwardable" = "true" }
      { "krb5_run_aklog" = "false" }
    }
    {  }
    { "application" = "kadmin"
      { "forwardable" = "false" }
    }
    {  }
    { "application" = "rshd"
      { "krb5_run_aklog" = "false" }
    }
    {  }
    { "application" = "ftpd"
      { "krb5_run_aklog" = "false" }
      { "default_lifetime" = "10h" }
    }
    {  }
    { "application" = "pam"
      { "debug" = "false" }
      { "forwardable" = "true" }
      { "renew_lifetime" = "7d" }
      { "ticket_lifetime" = "1560m" }
      { "krb4_convert" = "true" }
      { "afs_cells" = "fnal.gov" }
      { "krb5_run_aklog" = "false" }
    }
  }


test Krb5.appdefaults get appdef = appdef_tree
test Krb5.lns get appdef = appdef_tree


(* Test realms section *)
let realms_str = "[realms]
   ATHENA.MIT.EDU = {
        admin_server = KERBEROS.MIT.EDU
        default_domain = MIT.EDU
        database_module = ldapconf

        # test
        v4_instance_convert = {
             mit = mit.edu
             lithium = lithium.lcs.mit.edu
        }
        v4_realm = LCS.MIT.EDU
   }\n"

test Krb5.lns get realms_str =
  { "realms"
    { "realm" = "ATHENA.MIT.EDU"
      { "admin_server" = "KERBEROS.MIT.EDU" }
      { "default_domain" = "MIT.EDU" }
      { "database_module" = "ldapconf" }
      { }
      { "#comment" = "test" }
      { "v4_instance_convert"
        { "mit" = "mit.edu" }
        { "lithium" = "lithium.lcs.mit.edu" } }
      { "v4_realm" = "LCS.MIT.EDU" } } }

(* Test dpmain_realm section *)
let domain_realm_str = "[domain_realm]
    .mit.edu = ATHENA.MIT.EDU
    mit.edu = ATHENA.MIT.EDU
    dodo.mit.edu = SMS_TEST.MIT.EDU
    .ucsc.edu = CATS.UCSC.EDU\n"

test Krb5.lns get domain_realm_str =
  { "domain_realm"
      { ".mit.edu" = "ATHENA.MIT.EDU" }
      { "mit.edu" = "ATHENA.MIT.EDU" }
      { "dodo.mit.edu" = "SMS_TEST.MIT.EDU" }
      { ".ucsc.edu" = "CATS.UCSC.EDU" } }

(* Test logging section *)
let logging_str = "[logging]
    kdc = CONSOLE
    kdc = SYSLOG:INFO:DAEMON
    admin_server = FILE:/var/adm/kadmin.log
    admin_server = DEVICE=/dev/tty04\n"

test Krb5.lns get logging_str =
  { "logging"
      { "kdc"
          { "console" } }
      { "kdc"
          { "syslog"
              { "severity" = "INFO" }
              { "facility" = "DAEMON" } } }
      { "admin_server"
          { "file" = "/var/adm/kadmin.log" } }
      { "admin_server"
          { "device" = "/dev/tty04" } } }

(* Test capaths section *)
let capaths_str = "[capaths]
    ANL.GOV = {
         TEST.ANL.GOV = .
         PNL.GOV = ES.NET
         NERSC.GOV = ES.NET
         ES.NET = .
    }
    TEST.ANL.GOV = {
         ANL.GOV = .
    }
    PNL.GOV = {
         ANL.GOV = ES.NET
    }
    NERSC.GOV = {
         ANL.GOV = ES.NET
    }
    ES.NET = {
         ANL.GOV = .
    }\n"

test Krb5.lns get capaths_str =
  { "capaths"
      { "ANL.GOV"
          { "TEST.ANL.GOV" = "." }
          { "PNL.GOV" = "ES.NET" }
          { "NERSC.GOV" = "ES.NET" }
          { "ES.NET" = "." } }
      { "TEST.ANL.GOV"
          { "ANL.GOV" = "." } }
      { "PNL.GOV"
          { "ANL.GOV" = "ES.NET" } }
      { "NERSC.GOV"
          { "ANL.GOV" = "ES.NET" } }
      { "ES.NET"
          { "ANL.GOV" = "." } } }

(* Test instancemapping *)

test Krb5.instance_mapping get "[instancemapping]
 afs = {
 	cron/* = \"\"
 	cms/* = \"\"
 	afs/* = \"\"
 	e898/* = \"\"
 }\n" =
  { "instancemapping"
      { "afs"
          { "mapping" = "cron/*"
              { "value" = "" } }
          { "mapping" = "cms/*"
              { "value" = "" } }
          { "mapping" = "afs/*"
              { "value" = "" } }
          { "mapping" = "e898/*"
              { "value" = "" } } } }

test Krb5.kdc get "[kdc]
 profile = /var/kerberos/krb5kdc/kdc.conf\n" =
  { "kdc"
    { "profile" = "/var/kerberos/krb5kdc/kdc.conf" } }

(* v4_name_convert in libdefaults *)
test Krb5.libdefaults get "[libdefaults]
        default_realm = MY.REALM
	clockskew = 300
	v4_instance_resolve = false
	v4_name_convert = {
		host = {
			rcmd = host
			ftp = ftp
		}
		plain = {
			something = something-else
		}
	}\n" =

  { "libdefaults"
    { "default_realm" = "MY.REALM" }
    { "clockskew" = "300" }
    { "v4_instance_resolve" = "false" }
    { "v4_name_convert"
      { "host" { "rcmd" = "host" } { "ftp" = "ftp" } }
      { "plain" { "something" = "something-else" } } } }

(* Test pam section *)
let pam_str = "[pam]
 debug = false
 ticket_lifetime = 36000
 renew_lifetime = 36000
 forwardable = true
 krb4_convert = false
"

test Krb5.lns get pam_str =
  { "pam"
      { "debug" = "false" }
      { "ticket_lifetime" = "36000" }
      { "renew_lifetime" = "36000" }
      { "forwardable" = "true" }
      { "krb4_convert" = "false" } }

(* Ticket #274 - multiple *enctypes values *)
let multiple_enctypes = "[libdefaults]
permitted_enctypes = arcfour-hmac-md5 arcfour-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc aes128-cts
default_tgs_enctypes = des3-cbc-sha1 des-cbc-md5
default_tkt_enctypes = des-cbc-md5
"

test Krb5.lns get multiple_enctypes =
  { "libdefaults"
    { "permitted_enctypes" = "arcfour-hmac-md5" }
    { "permitted_enctypes" = "arcfour-hmac" }
    { "permitted_enctypes" = "des3-cbc-sha1" }
    { "permitted_enctypes" = "des-cbc-md5" }
    { "permitted_enctypes" = "des-cbc-crc" }
    { "permitted_enctypes" = "aes128-cts" }
    { "#eol" }
    { "default_tgs_enctypes" = "des3-cbc-sha1" }
    { "default_tgs_enctypes" = "des-cbc-md5" }
    { "#eol" }
    { "default_tkt_enctypes" = "des-cbc-md5" }
    { "#eol" }
  }

(* Ticket #274 - v4_name_convert subsection *)
let v4_name_convert = "[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com:88
  admin_server = kerberos.example.com:749
  default_domain = example.com
  ticket_lifetime = 12h
  v4_name_convert = {
     host = {
       rcmd = host
     }
  }
 }
"

test Krb5.lns get v4_name_convert =
  { "realms"
    { "realm" = "EXAMPLE.COM"
      { "kdc" = "kerberos.example.com:88" }
      { "admin_server" = "kerberos.example.com:749" }
      { "default_domain" = "example.com" }
      { "ticket_lifetime" = "12h" }
      { "v4_name_convert"
        { "host"
          { "rcmd" = "host" }
        }
      }
    }
  }

(* Ticket #288: semicolons for comments *)
test Krb5.lns get "; AD  : This Kerberos configuration is for CERN's Active Directory realm.\n" =
    { "#comment" = "AD  : This Kerberos configuration is for CERN's Active Directory realm." }

(* RHBZ#1066419: braces in values *)
test Krb5.lns get "[libdefaults]\n
default_ccache_name = KEYRING:persistent:%{uid}\n" =
  { "libdefaults"
    {  }
    { "default_ccache_name" = "KEYRING:persistent:%{uid}" } }

(* Include(dir) tests *)
let include_test = "include /etc/krb5.other_conf.d/other.conf
includedir /etc/krb5.conf.d/
"

test Krb5.lns get include_test =
  { "include" = "/etc/krb5.other_conf.d/other.conf" }
  { "includedir" = "/etc/krb5.conf.d/" }

let include2_test = "[logging]
 default = FILE:/var/log/krb5libs.log

include /etc/krb5.other_conf.d/other.conf

includedir /etc/krb5.conf.d/
"

test Krb5.lns get include2_test =
  { "logging"
    { "default"
      { "file" = "/var/log/krb5libs.log" } }
    {  }
  }
  { "include" = "/etc/krb5.other_conf.d/other.conf" }
  {  }
  { "includedir" = "/etc/krb5.conf.d/" }

(* [dbmodules] test *)
let dbmodules_test = "[dbmodules]
    ATHENA.MIT.EDU = {
        disable_last_success = true
    }
    db_module_dir = /some/path
"

test Krb5.lns get dbmodules_test =
  { "dbmodules"
    { "realm" = "ATHENA.MIT.EDU"
      { "disable_last_success" = "true" }
    }
    { "db_module_dir" = "/some/path" }
  }

(* [plugins] test *)
let plugins_test = "[plugins]
    clpreauth = {
        module = mypreauth:/path/to/mypreauth.so
    }
    ccselect = {
        disable = k5identity
    }
    pwqual = {
        module = mymodule:/path/to/mymodule.so
        module = mymodule2:/path/to/mymodule2.so
        enable_only = mymodule
    }
    kadm5_hook = {
    }
"

test Krb5.lns get plugins_test =
  { "plugins"
    { "clpreauth"
      { "module" = "mypreauth:/path/to/mypreauth.so" }
    }
    { "ccselect"
      { "disable" = "k5identity" }
    }
    { "pwqual"
      { "module" = "mymodule:/path/to/mymodule.so" }
      { "module" = "mymodule2:/path/to/mymodule2.so" }
      { "enable_only" = "mymodule" }
    }
    { "kadm5_hook"
    }
  }

Anon7 - 2022
AnonSec Team