修改域名 (#9)

Reviewed-on: #9

.gitignore

@@ -179,3 +179,4 @@ a.out
 sample/server
 sample/client
 sample/core
+*.keytab

sample/client.py

@@ -20,13 +20,13 @@ def recv_data():
     return data
 
 curr_path = os.getcwd()
-os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
+os.environ["KRB5_CONFIG"] = curr_path + "/krb5.conf"
 os.environ["KRB5CCNAME"]  = "/tmp/krb5cc_cli_1000"
-os.environ["KRB5_KTNAME"] = curr_path + "/client/cli.keytab"
+os.environ["KRB5_KTNAME"] = curr_path + "/cli.keytab"
 os.environ["KRB5_TRACE"] = "/tmp/client.log"
-principal = "cli@TEST.COM"
+principal = "cli@TEST.HADOOP.COM"
 
-res = subprocess.call(["kinit", "-kt", "client/cli.keytab", principal])
+res = subprocess.call(["kinit", "-kt", "cli.keytab", principal])
 subprocess.call(["klist"])
 
 name = gssapi.Name(principal)

sample/kinit_client.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash 
+#
+
+export KRB5CCNAME=/tmp/krb5cc_cli_1000
+export KRB5_CONFIG="/home/zeekling/project/gitea/kerberosTest/sample/krb5.conf"
+
+kinit -kt ./cli.keytab cli
+
+klist

sample/kinit_server.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash 
+#
+
+export KRB5CCNAME=/tmp/krb5_server_1000
+export KRB5_CONFIG="/home/zeekling/project/gitea/kerberosTest/sample/krb5.conf"
+
+kinit -kt ./hadoop.keytab server/hadoop.test.hadoop.com@TEST.HADOOP.COM
+
+klist

sample/krb5.conf

@@ -0,0 +1,18 @@
+[logging]
+default = FILE:/var/log/krb5libs.log
+kdc = FILE:/var/log/krb5kdc.log
+admin_server = FILE:/var/log/kadmind.log
+
+[libdefaults]
+default_realm = TEST.HADOOP.COM
+dns_lookup_realm = false
+dns_lookup_kdc = false
+ticket_lifetime = 24h
+renew_lifetime = 7d
+forwardable = true
+
+[realms]
+TEST.HADOOP.COM = {
+  kdc = krb5-kdc-server:88
+  admin_server = krb5-kdc-server
+}

sample/sample-client.c

@@ -12,13 +12,13 @@
 char buf[SAMPLE_SEC_BUF_SIZE];
 
 static sasl_conn_t *conn = NULL;
-const char *realm = "TEST.COM";
+const char *realm = "TEST.HADOOP.COM";
 const char *mech = "GSSAPI";
 const char *iplocal = "127.0.0.1";
 const char *ipremote = "127.0.0.1";
 char *searchpath = NULL;
 const char *service = "server";
-const char *fqdn = "hadoop.test.com";
+const char *fqdn = "hadoop.test.hadoop.com";
 int cfd;
 
 int init_sasl() {

sample/sample-server.c

@@ -60,7 +60,7 @@ kClient *createClient(int fp) {
 
 int auth_client(kClient *c) {
     if (!c->begin_auth) {
-        int result = sasl_server_new(server, "hadoop.test.com", "TEST.COM", NULL, NULL, NULL, 0, &c->conn);
+        int result = sasl_server_new(server, "hadoop.test.hadoop.com", "TEST.HADOOP.COM", NULL, NULL, NULL, 0, &c->conn);
         if (result != SASL_OK) {
             printf("Allocating sasl connection state, %s\n", sasl_errdetail(c->conn));
             return 1;

sample/server.py

@@ -22,16 +22,16 @@ def recv_data(cli:socket):
 
 
 # 设置环境变量
-principal = "server/hadoop.test.com@TEST.COM"
+principal = "server/hadoop.test.hadoop.com@TEST.HADOOP.COM"
 curr_path = os.getcwd()
-os.environ["KRB5_CONFIG"] = curr_path + "/server/krb5.conf"
-os.environ["KRB5_KTNAME"] = curr_path + "/server/hadoop.keytab"
-os.environ["KRB5CCNAME"] = "/tmp/krb5cc_hadoop_1000"
+os.environ["KRB5_CONFIG"] = curr_path + "/krb5.conf"
+os.environ["KRB5_KTNAME"] = curr_path + "/hadoop.keytab"
+os.environ["KRB5CCNAME"] = "/tmp/krb5_server_1000"
 os.environ["KRB5_TRACE"] = "/tmp/server.log"
 
 kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
 klist_res = subprocess.call(["klist"])
-name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)
+name = gssapi.Name("server/hadoop.test.hadoop.com", name_type=gssapi.NameType.kerberos_principal)
 cname = name.canonicalize(gssapi.MechType.kerberos)
 print(cname)