Kerberos Tests

Introduction

This directory and its sub-directories contain source files and scripts used to test the Kerberos secure transport provider.

Jtreg tests

There are three jtreg tests, and they can be run as following: 
jtreg -va runTestEndpoints.sh
jtreg -va runTestPerformance.sh
jtreg -va TestVerifier.java
Note before running the jtreg tests, one need to specify which JavaTM installation has the intended overture.jar in its extension directory, one way to accomplish this is by setting the environment variable JAVA_HOME before running the jtreg tests. In addition a valid jgssTests.keytab has to present in the config directory, and krb-setenv.sh has to be updated to contain the right KDC information.

Generate jgssTests.keytab

jgssTests.keytab contains Kerberos keys for the following six principals: 
testClient1
testClient2
testClient3
testServer1
testServer2
testServer3
These six principal names are hard coded in TestEndpoints.java. If you decide to use principals other then these in the keytab, you will need to update TestEndpoints.java, as well as config/testEndpoints.login, accordingly. Beginning in version 1.4.1, the JavaTM 2 SDK, Standard Edition provides three client-side Kerberos tools: kinit, klist, and ktab in its Windows and Linux distributions. Once the six principals are added to the KDC, one can use ktab to generate jgssTest.keytab on a client machine. 
ktab -a <principal_name> <password> -k <keytab_name>
To check what entries are in a keytab file, use: 
ktab -l -k <keytab_name>
On SolarisTM Operating System (Solaris OS), kadmin has to be used to generate the keytab file, and klist can be used to verify its content.

Generate TGT caches

Instead of using kinit, the class sun.security.krb5.internal.tools.Kinit packaged in jre/lib/rt.jar is used to obtain and cache Kerberos TGTs. This allows us to avoid the complications caused by the re-movement of kinit from JDK1.4.2 for Solaris OS, and the fact that kinit can only get its realm and kdc host information from a krb5.conf file.

A script initTGTs.sh is provided in the scripts directory to aid TGT caches creation before non-jtreg tests can run.

Kerberos login module documentation

The Java Authentication and Authorization Service (JAAS) login module for Kerberos is Krb5LoginModule. To find out what options it supports and how to setup its configuration file, click here.

Run endpoint tests concurrently

source: ConcurrentTests.java
script to run: scripts/runConcurrent.sh [-c]
When "-c" option is specified, compile the source before run.

Run performance tests

source: TestPerformance.java
script to run: scripts/runPerf.sh [-c]
When "-c" option is specified, compile the source before run.

Run endpoint tests

source: TestEndpoints.java
script to run: scripts/runTeps.sh [-c]
When "-c" option is specified, compile the source before run.

Run both endpoint tests and verifier tests

source: TestAll.java
script to run: scripts/runAll.sh [-c]
When "-c" option is specified, compile the source before run.

Run jgss short message round-trip time measurement test

source: JgssPerfTest.java
script to run: scripts/runJgssPerf.sh [-c]
When "-c" option is specified, compile the source before run.