kstart 4.2 (unreleased)
+ k5start, when run with the -K option to run as a daemon, no longer
+ exits if the initial authentication fails (unless -x was given).
+ Instead, it reports the error to standard error and then continues to
+ run, attempting authentication every minute as if authentication had
+ failed after it had started. Patch from Rasmus Borup Hansen.
+
If -i is given to krenew and the initial ticket renewal failed, start
with the shorter wake-up interval of one minute just as if a
subsequent renewal failed. Patch from Rasmus Borup Hansen.
select (undef, undef, undef, 0.2);
ok (!-f "$TMP/pid", ' and the PID file was removed');
+# Try again with an initial authentication failure and ensure that k5start
+# keeps running anyway.
+unlink "$TMP/krb5cc_test";
+($out, $err, $status)
+ = command ($K5START, '-bK', 1, '-f', "$DATA/test.keytab-BAD", '-p',
+ "$TMP/pid", $principal);
+is ($status, 0, 'Backgrounding k5start with bad keytab works');
+like ($err, qr/^k5start: error getting credentials: /, ' with error output');
+is ($out, '', ' and -q was added implicitly');
+$pid = contents ("$TMP/pid");
+ok (kill (0, $pid), ' and the PID file is correct');
+kill (15, $pid) or warn "Can't kill $pid: $!\n";
+select (undef, undef, undef, 0.2);
+ok (!-f "$TMP/pid", ' and the PID file was removed');
+
+# Providing -x should override that behavior and cause the daemon to refuse
+# to start.
+unlink "$TMP/krb5cc_test";
+($out, $err, $status)
+ = command ($K5START, '-bxK', 1, '-f', "$DATA/test.keytab-BAD", '-p',
+ "$TMP/pid", $principal);
+is ($status, 1, 'Backgrounding k5start -x with bad keytab fails');
+like ($err, qr/^k5start: error getting credentials: /, ' with error output');
+is ($out, '', ' and -q was added implicitly');
+if ($status == 0) {
+ $pid = contents ("$TMP/pid");
+ kill (15, $pid) or warn "Can't kill $pid: $!\n";
+}
+
# Check that k5start keeps running if the ticket cache directory is not
# writeable.
$pid = fork;
projects / kerberos / kstart.git / commitdiff