On Sun, 2018-08-05 at 10:34 +0300, Alexander Bokovoy wrote:
On pe, 03 elo 2018, Adam Williamson wrote:
> On Thu, 2018-08-02 at 15:12 +0300, Alexander Bokovoy wrote:
> > Yes, I reviewed those. They are fine.
> OK, thanks for the feedback. I've merged the tests to master, now, and
> once we finally get a Rawhide that actually *works*, they should run in
> Do you think there's anything additional we should be testing here,
> bearing in mind the earlier conversation about not having sufficient
> testing for F28? Or do you think these tests cover what's essential?
These tests do cover an essential part of deploying FreeIPA.
We might want to expand that in future but it would really be a
crossover with the Desktop edition.
For example, FreeIPA 4.5 added support for PKINIT, Kerberos with smart
cards. We have it enabled on the server side and also in SSSD. Through
SSSD it is enabled for GDM. An ideal case would be:
- add a user
- issue a certificate to the user
- ensure user can obtain a Kerberos ticket using this certificate via
- provision the cert to a SoftHSMv2 token
- use SoftHSMv2 token as a PKCS#11 'smart card' to login to GNOME
- ensure that after logon user has a Kerberos ticket and can use it to
access FreeIPA web UI
Note that we aren't using passwords anywhere here to login to GNOME.
OK, that's kinda separate from replication. I was thinking specifically
in the area of replication at least in this thread, though obviously
other FreeIPA testing can be done (there's a couple of tickets already
open requesting things).
I guess the thing I was kinda expecting someone to suggest was testing
things with one of the servers not running - the stuff I split out into
the 'advanced' test case on the wiki pages,
. Do you think it's very important to do that testing too, or should
just testing the replication process itself and that the client can
enrol against the replica (rather than the original server) be a good
enough test? I can add the 'advanced' tests if desired, it just
requires some more inter-test communication magic...
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net