git.ipfire.org Git - thirdparty/bind9.git/commit

author	Michał Kępień <michal@isc.org>
	Mon, 6 Oct 2025 11:19:50 +0000 (13:19 +0200)
committer	Michał Kępień <michal@isc.org>
	Mon, 6 Oct 2025 11:19:50 +0000 (13:19 +0200)
commit	73197feec7709b164f9154b2a6d1e67747d86f97
tree	980a2a891dea5beb1026a95387a3bb51a51b4356	tree \| snapshot
parent	9170722cb375ccf9291445a05d37fd53b7369274	commit \| diff

Stop using "tkey-gssapi-credential" in tests

Since the "tkey-gssapi-credential" statement is now deprecated and is
about to be removed, migrate the only system test using it ("nsupdate")
to "tkey-gssapi-keytab".

Currently, the GSS-TSIG parts of the "nsupdate" system test require
properly setting up a combination of:

- "tkey-gssapi-credential" statements in named.conf files,
- the KRB5_KTNAME environment variable.

Specifically, this configuration causes named startup to include
acquiring the credential that GSS-API is allowed to match keys against
from a keytab file specified by the KRB5_KTNAME environment variable.

By contrast, the revised configuration uses the "tkey-gssapi-keytab"
statement, which makes GSS-API match keys against any credential present
in the specified keytab file.

Since both keytabs in question (ns9/dns.keytab, ns10/dns.keytab) only
contain a single credential, the two configurations are functionally
equivalent, with the revised one being significantly more readable and
simpler to prepare.

bin/tests/system/isctest/vars/basic.py		diff \| blob \| blame \| history
bin/tests/system/nsupdate/ns10/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/nsupdate/ns9/named.conf.in		diff \| blob \| blame \| history
bin/tests/system/nsupdate/setup.sh		diff \| blob \| blame \| history