On Tue, 3 Sep 2024 07:57:47 GMT, Fernando Guallini <fguall...@openjdk.org> wrote:
>> There are 3 manual GSS-API/Kerberos tests that require a manual setup and >> were added to the problem list years ago: >> >> - com/sun/security/sasl/gsskerb/**AuthOnly**-> Verifies that both client and >> server have completed the authentication process. >> - com/sun/security/sasl/gsskerb/**NoSecurityLayer** -> Attempts to use wrap >> and unwrap to demonstrate that these operations should not be allowed >> without a negotiated security layer. >> - com/sun/security/sasl/gsskerb/**ConfSecurityLayer** -> Demonstrates the >> use of the security layer by wrapping and unwrapping messages on both client >> and server sides. >> >> These tests need manual setup of a KDC environment, service/user principals, >> keytabs, JAAS configuration, and script adjustments. All that is time >> consuming and error prone. These do not fail if configured properly. >> >> In contrast, the automated test sun/security/krb5/auto/**SaslBasic** already >> covers these scenarios and sets up the KDC with the necessary principals >> **automatically**, no manual setup is required. This class starts a simple >> KDC with one realm, several typical principal names, generates krb5.conf and >> keytab files, and setup a JAAS login config file. >> >> I've enhanced SaslBasic to include additional wrap/unwrap checks with and >> without a security layer. As a result, the 3 manual tests and their >> associated files are now redundand and can be removed, as they no longer >> provide additional value. > > Fernando Guallini has updated the pull request with a new target base due to > a merge or a rebase. The pull request now contains four commits: > > - Merge branch 'master' into 8337723 > - refactoring > - Merge branch 'master' into 8337723 > - remov gsskerb tests Bump, still looking for a review 🙏 ------------- PR Comment: https://git.openjdk.org/jdk/pull/20464#issuecomment-2391815778
