URL:
https://github.com/freeipa/freeipa/pull/5611
Author: wladich
Title: #5611: ipatests: add test for kdcproxy handling reply split to several TCP
packets
Action: opened
PR body:
"""
This is a regression test for the bug in python-kdcproxy mentioned in
https://github.com/latchset/kdcproxy/pull/44
When the reply from AD is split into several TCP packets the kdc
proxy software cannot handle it and returns a false error message
indicating it cannot contact the KDC server.
This could be observed as login failures of AD user on IPA clients
when:
* IPA client was configured to use kdcproxy to communicate with AD
* kdcproxy used TCP to communicate with AD
* response from AD to kdcproxy was split into several packets
This patch also refactors and improves existing tests:
* switch to using pytest fixtures for test setup and cleanup steps to make
them isolated and reusable
* simulate a much more restricted network environment: instead of blocking
single 88 port we now block all outgoing traffic except few essential
ports
* add basic tests for using kdcproxy to communicate between IPA client
and AD DC.
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5611/head:pr5611
git checkout pr5611