> It would be nice to use EXAMPLE.ORG realms or something that will > never resolve to a real realm.
It _does_ use a test realm, but the test never the less is disturbed by a completely unrelated ticket at the default ticket location. That is a bug in the testing framework or in some utility which does not obide setting KRB5CCNAME and looks at other locations anyway. > Typically the build system leaves some logs behind during "make check" > in each test directory (eg tests/kdc/test-suite.log). Yesss, thanks, now next workday and now I continue the hunt for bugs with new coffee and bash -x. >> FAIL: check-pkinit This seems to be one more bug in the test-suite. What I get is + /usr/local/src/heimdal-7.1.0-build-lmdb/kuser/kinit -c FILE:../../tests/kdc/c\ ache.krb5 --no-afslog -C PKCS11:../../tests/kdc/../../lib/hx509/.libs/libhx509.\ so f...@test.h5l.se kinit: Password incorrect Which is from check-pkinit around these lines: for a in libhx509.so .libs/libhx509.so libhx509.dylib .libs/libhx509.dylib ; do if [ -f $dir/$a ] ; then file=$dir/$a break fi done if [ X"$file" != X -a true ] ; then echo "Trying pk-init (principal in pki-mapping file) "; > messages.log ${kinit} -C PKCS11:${file} foo@${R} || \ { ec=1 ; eval "${testfailed}"; } ${kgetcred} ${server}@${R} || { ec=1 ; eval "${testfailed}"; } ${kdestroy} fi The "-C PKCS11:${file}" seems broken. I guess the -C flag should take a cert and not a library as an argument. BTW, the -C flag is not documented in the kinit manual page and it would be good if the messages "Trying..." would be unique. >> FAIL: check-iprop This error was due to wc not being compatible between Linux and FreeBSD: linux$ echo foo | wc -l 1 freebsd$ echo foo | wc -l 1 Note the extra spaces which blow up in the following expr which can not handle that. Patch: --- check-iprop.in.orig 2016-12-29 10:25:05.379171000 +0100 +++ check-iprop.in 2016-12-29 10:25:47.205435000 +0100 @@ -384,7 +384,7 @@ # and LMDB levels. # echo "checking that principals in DB == entries in LMDB" - princs=`${kadmin} -l list '*' | wc -l` + princs=`${kadmin} -l list '*' | wc -l | awk '{print $1}'` entries=`mdb_stat -n current-db.mdb | grep 'Entries:' | awk '{print $2}'` [ "`expr 1 + "$princs"`" -eq "$entries" ] || exit 1 fi I think it's OK to use awk to get rid of the whitespace as awk already is used in the script. Other alternative to get rid of spaces would be + set `${kadmin} -l list '*' | wc -l` + princs=$1 Now back to testing different database backends, Harald.