Draft Test Cases for Fedora Server Final Criteria
John Unland
opensourcejohn2112 at gmail.com
Tue Nov 18 01:13:52 UTC 2014
I guess this is just a side comment, but when doing testing last week
I really wanted to have a "Custom Role" to the software selection. I
can see this being used for specialized server software like the Yocto
Project (Embedded Linux creation tool), even more so because that
project is currently developing a web UI where you can create your
embedded OS through a web browser and also have multiple people logged
into. Of course I think this should go in F22, this is just a
thought....
On Mon, Nov 17, 2014 at 1:32 PM, Stephen Gallagher <sgallagh at redhat.com> wrote:
>
>
>
> On Tue, 2014-11-04 at 16:58 -0500, Stephen Gallagher wrote:
>> So, at today's Server WG meeting, I was asked to come up with a
>> high-level draft of some additional requirements to validate for Final
>> criteria. Most of these probably should be Beta criteria in F22, but we
>> didn't have them as such this time around. I'll differentiate them as
>> such below. It should be understood that Final validation is a superset
>> of Beta validation, so anything we add in that category applies to both.
>>
>> == Beta Criteria ==
>>
>> === Domain Controller ===
>> * The Domain Controller must be capable of serving LDAP requests on port
>> 389. This should be validated by the use of the ldapsearch tool.
>>
>> * The Domain Controller must be capable of serving TLS-encrypted LDAP
>> requests on port 389. This should be validated by the use of the
>> ldapsearch tool.
>>
>> * The Domain Controller must be capable of serving LDAPS (LDAP encrypted
>> with SSL) over port 636. This should be validated by the use of the
>> ldapsearch tool.
>>
>> * The Domain Controller must be capable of returning LDAP and LDAPS
>> search results using simple auth (the -x option to ldapsearch) or
>> SASL/GSSAPI auth (the -Y GSSAPI option). This should be validated by the
>> use of the ldapsearch tool.
>>
>> * The Domain Controller must be capable of serving DNS host records on
>> port 53. This should be validated by the use of the 'dig' tool.
>>
>> === FreeIPA Domain Client ===
>> * Enrolled clients must be capable of authenticating against a valid
>> user account using SSSD.
>> * Enrolled clients must honor FreeIPA HBAC rules for access-control.
>> * Enrolled clients must be able to change their passwords according to
>> the password policy specified by the FreeIPA server
>> * Users must be capable of performing password-less single-sign-on
>> between two enrolled clients using GSSAPI.
>>
>>
>>
>> == Final Criteria ==
>>
>> === Domain Controller ===
>> * The Domain Controller must be capable of serving DNS SRV records for
>> ldap and kerberos on port 53. This is used for auto-discovery.
>>
>> === FreeIPA Domain Client ===
>> * When configured to use the Domain Controller for DNS services, the
>> domain client must be able to use DNS to discover the Domain Controller
>> address using SRV records.
>>
>> * When configured to use FreeIPA for host-key validation, initial SSH
>> between domain clients should not prompt the user to accept the SSH
>> public key.
>
>
> Any other comments on this? We enter Freeze tomorrow and I'd like for us
> to have a clear view of what we're willing to block on.
>
> _______________________________________________
> server mailing list
> server at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/server
More information about the server
mailing list