On pe, 03 elo 2018, Adam Williamson wrote:
On Thu, 2018-08-02 at 15:12 +0300, Alexander Bokovoy wrote:
> Yes, I reviewed those. They are fine.
OK, thanks for the feedback. I've merged the tests to master, now, and
once we finally get a Rawhide that actually *works*, they should run in
Do you think there's anything additional we should be testing here,
bearing in mind the earlier conversation about not having sufficient
testing for F28? Or do you think these tests cover what's essential?
These tests do cover an essential part of deploying FreeIPA.
We might want to expand that in future but it would really be a
crossover with the Desktop edition.
For example, FreeIPA 4.5 added support for PKINIT, Kerberos with smart
cards. We have it enabled on the server side and also in SSSD. Through
SSSD it is enabled for GDM. An ideal case would be:
- add a user
- issue a certificate to the user
- ensure user can obtain a Kerberos ticket using this certificate via
- provision the cert to a SoftHSMv2 token
- use SoftHSMv2 token as a PKCS#11 'smart card' to login to GNOME
- ensure that after logon user has a Kerberos ticket and can use it to
access FreeIPA web UI
Note that we aren't using passwords anywhere here to login to GNOME.
For the release validation process, I'm planning to make any
how I found I actually needed to do things in openQA, then add it to
the Server validation matrix, and propose an extension to the release
criteria to cover replication. Does that sound OK to everyone?
/ Alexander Bokovoy