pac testing

client/client_integration_test.go

@@ -52,6 +52,19 @@ func TestClient_SuccessfulLogin_OlderKDC(t *testing.T) {
 	}
 }
 
+func TestClient_SuccessfulLogin_AD(t *testing.T) {
+	b, err := hex.DecodeString(testdata.TESTUSER1_KEYTAB)
+	kt, _ := keytab.Parse(b)
+	c, _ := config.NewConfigFromString(testdata.TEST_KRB5CONF_AD)
+	cl := NewClientWithKeytab("testuser1", "TEST.GOKRB5", kt)
+	cl.WithConfig(c)
+
+	err = cl.Login()
+	if err != nil {
+		t.Fatalf("Error on login: %v\n", err)
+	}
+}
+
 func TestClient_FailedLogin(t *testing.T) {
 	b, err := hex.DecodeString(testdata.TESTUSER1_WRONGPASSWD)
 	kt, _ := keytab.Parse(b)

keytab/keytab.go

@@ -5,6 +5,7 @@ import (
 	"bytes"
 	"encoding/binary"
 	"errors"
+	"fmt"
 	"github.com/jcmturner/gokrb5/types"
 	"io/ioutil"
 	"time"
@@ -62,7 +63,7 @@ func (kt *Keytab) GetEncryptionKey(nameString []string, realm string, kvno, etyp
 		}
 	}
 	if len(key.KeyValue) < 1 {
-		return key, errors.New("Matching key not found in keytab")
+		return key, fmt.Errorf("Matching key not found in keytab. Looking for %v realm: %v kvno: %v etype: %v", nameString, realm, kvno, etype)
 	}
 	return key, nil
 }

testdata/test_vectors.go

@@ -187,6 +187,27 @@ const (
   default_domain = test.gokrb5
  }
 
+[domain_realm]
+ .test.gokrb5 = TEST.GOKRB5
+ test.gokrb5 = TEST.GOKRB5
+ `
+	TEST_KRB5CONF_AD = `[libdefaults]
+  default_realm = TEST.GOKRB5
+  dns_lookup_realm = false
+  dns_lookup_kdc = false
+  ticket_lifetime = 24h
+  forwardable = yes
+  default_tkt_enctypes = aes256-cts-hmac-sha1-96
+  default_tgs_enctypes = aes256-cts-hmac-sha1-96
+  udp_preference_limit = 1
+
+[realms]
+ TEST.GOKRB5 = {
+  kdc = 10.80.88.68:88
+  admin_server = 10.80.88.68:749
+  default_domain = test.gokrb5
+ }
+
 [domain_realm]
  .test.gokrb5 = TEST.GOKRB5
  test.gokrb5 = TEST.GOKRB5