Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-1196

improve Kerberos name parsing and canonicalization testing

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: server, tests
    • Labels:
      None
    • Tags:
      security

      Description

      Currently we are not testing Kerberos name parsing. Kerberos name parsing is error prone because Keberos principals are complex; see http://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/What-is-a-Kerberos-Principal_003f.html.

      Bugs such as https://issues.apache.org/jira/browse/ZOOKEEPER-1195 would have been caught, had we better tests. Although we cannot test (yet) a full end-to-end KDC realm, we can at least test Kerberos principal syntax and semantics.

        Attachments

        1. SaslAuthNameTest.patch
          8 kB
          Tom Klonikowski

          Issue Links

            Activity

              People

              • Assignee:
                ekoontz Eugene Koontz
                Reporter:
                ekoontz Eugene Koontz
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated: