• Jim Garlick's avatar
    gssapi: add a basic test for GSSAPI security · edd6b0ad
    Jim Garlick authored
    Problem: there is no test coverage for GSSAPI.
    
    Solution: add a test structured like the CURVE test.
    
    The test is not built if libzmq is not configured with
    --with-libgssapi_krb5. It will report SKIPPED status
    if the required environment is missing (see below).
    
    Environment:  KRB5_KTNAME and KRB5_CLIENT_KTNAME
    environment variables must point to a keytab file
    containing creds for a host-based test principal
    (see comment at top of source for details).
    Kerberos must be configured and a KDC containing the
    test principal must be running, otherwise the test
    will fail/hang.
    
    N.B. For now, the test must use the same principal for
    both client and server roles because it seems impossible
    to set them to different principals when they are
    threads in the same process.  Once one principal is
    cached in credential cache, attempts to acquire creds
    for a different "desired name" seem to be ignored and
    the cached principal is used instead.
    edd6b0ad
test_security_gssapi.cpp 11.1 KB