Conversation
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces several enhancements to the SSSD test framework, primarily focusing on Kerberos-related testing utilities. It integrates new Kerberos keytab and authentication utilities into the client role, expands the capabilities for creating KDC principals with more specific options, and adds a robust method for changing user passwords via SSH, which is crucial for testing Kerberos password change flows. These changes collectively improve the framework's ability to simulate and test complex Kerberos authentication scenarios. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces changes for Kerberos-related testing utilities. The modifications to kdc.py to allow for more flexible principal creation and the additions to client.py are well-implemented. I've identified a small area for improvement in a new expect script within authentication.py to enhance its reliability.
madhuriupadhye
force-pushed
the
krb_misc
branch
3 times, most recently
from
b1d3713 to
fb27c3a
Compare
danlavu
left a comment
danlavu
left a comment
There was a problem hiding this comment.
So, I looked at the tests, and I don't think it's important to do this on LDAP/KRB5. I suggest we convert the tests and use the IPA provider. Thoughts?
Only BZ 773660 (clock skew) can use IPA — krb5_child runs the same way under IPA auth. BZ 869150 and BZ 805281 cannot — they require manual keytab manipulation (remove, replace), which breaks IPA enrollment. IPA owns its keytab and uses ipa_child instead of ldap_child, so the bug paths aren't exercised. |
Ack, understood. I'd like to better understand the case for passwd over SSH. If it's simply logging in via ssh, then issuing 'passwd', we should make it like the others. Because we have
make it
|
Those changes require for next set of tests, so can I remove it from this PR and will create the new fresh PR for with next set of tests. |
? |
madhuriupadhye
force-pushed
the
krb_misc
branch
2 times, most recently
from
f8939c8 to
e4bbbc5
Compare
Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
danlavu
left a comment
danlavu
left a comment
There was a problem hiding this comment.
This looks great! thank you!
3 participants
No description provided.