On Mon, 2021-01-25 at 14:04 -0500, Tom Lane wrote:
> Jacob Champion <pchamp...@vmware.com> writes:
> > On Mon, 2021-01-25 at 13:49 -0500, Tom Lane wrote:
> > > Also, why are you only setting the ENV variable within narrow parts
> > > of the test script? I'd be inclined to enforce it throughout.
> > I considered it and decided I didn't want to pollute the server's
> > environment with it, since the server shouldn't need the client cache.
>
> True, but if it did try to access the cache, accessing the user's
> normal cache would be strictly worse than accessing the test cache.
That's fair. Attached is a v2 that just sets KRB5CCNAME globally. Makes
for a much smaller patch :)
--Jacob
From 86a7331868e6155488e568864c099caf1f21dffb Mon Sep 17 00:00:00 2001
From: Jacob Champion <pchamp...@vmware.com>
Date: Mon, 25 Jan 2021 09:32:44 -0800
Subject: [PATCH] test/kerberos: use a local credentials cache
Previously, the Kerberos test suite pushed credentials into the user's
default credentials cache. This modified any credentials the user
already had, and could cause other psql invocations to misbehave later,
as the GSS implementation attempted to use the globally cached test
credentials.
Use a local credentials cache at tmp_check/krb5cc instead. Clients can
be directed to use this cache via the KRB5CCNAME environment variable.
---
src/test/kerberos/t/001_auth.pl | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl
index 8625059149..044e58018f 100644
--- a/src/test/kerberos/t/001_auth.pl
+++ b/src/test/kerberos/t/001_auth.pl
@@ -79,6 +79,10 @@ my $dbname = 'postgres';
my $username = 'test1';
my $application = '001_auth.pl';
+# Avoid polluting the global credentials cache by creating our own and pointing
+# the clients to it. kinit and psql will use this implicitly.
+$ENV{KRB5CCNAME} = "${TestLib::tmp_check}/krb5cc";
+
note "setting up Kerberos";
my ($stdout, $krb5_version);
--
2.25.1
