Draft Test Cases for Fedora Server Final Criteria

[Stephen Gallagher]

On Tue, 2014-11-04 at 16:58 -0500, Stephen Gallagher wrote:
> So, at today's Server WG meeting, I was asked to come up with a
> high-level draft of some additional requirements to validate for Final
> criteria. Most of these probably should be Beta criteria in F22, but we
> didn't have them as such this time around. I'll differentiate them as
> such below. It should be understood that Final validation is a superset
> of Beta validation, so anything we add in that category applies to both.
> 
> == Beta Criteria ==
> 
> === Domain Controller ===
> * The Domain Controller must be capable of serving LDAP requests on port
> 389. This should be validated by the use of the ldapsearch tool.
> 
> * The Domain Controller must be capable of serving TLS-encrypted LDAP
> requests on port 389. This should be validated by the use of the
> ldapsearch tool.
> 
> * The Domain Controller must be capable of serving LDAPS (LDAP encrypted
> with SSL) over port 636. This should be validated by the use of the
> ldapsearch tool.
> 
> * The Domain Controller must be capable of returning LDAP and LDAPS
> search results using simple auth (the -x option to ldapsearch) or
> SASL/GSSAPI auth (the -Y GSSAPI option). This should be validated by the
> use of the ldapsearch tool.
> 
> * The Domain Controller must be capable of serving DNS host records on
> port 53. This should be validated by the use of the 'dig' tool.
> 
> === FreeIPA Domain Client ===
> * Enrolled clients must be capable of authenticating against a valid
> user account using SSSD.
> * Enrolled clients must honor FreeIPA HBAC rules for access-control.
> * Enrolled clients must be able to change their passwords according to
> the password policy specified by the FreeIPA server
> * Users must be capable of performing password-less single-sign-on
> between two enrolled clients using GSSAPI.
> 
> 
> 
> == Final Criteria ==
> 
> === Domain Controller ===
> * The Domain Controller must be capable of serving DNS SRV records for
> ldap and kerberos on port 53. This is used for auto-discovery.
> 
> === FreeIPA Domain Client ===
> * When configured to use the Domain Controller for DNS services, the
> domain client must be able to use DNS to discover the Domain Controller
> address using SRV records.
> 
> * When configured to use FreeIPA for host-key validation, initial SSH
> between domain clients should not prompt the user to accept the SSH
> public key.


Any other comments on this? We enter Freeze tomorrow and I'd like for us
to have a clear view of what we're willing to block on.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part
URL: <http://lists.fedoraproject.org/pipermail/server/attachments/20141117/ebccf62e/attachment.sig>