简体繁体 English

用于测试的Java编写的嵌入式Kerberos服务器

[英]Java-written embedded Kerberos server for testing

原文 2013-01-18 21:40:25 7 4 java/ integration-testing/ kerberos

is anyone aware of any embeddable Kerberos servers (KDC / KAdmin), which are written in Java and may run just within the JVM process (something like Hadoop minicluster or embedded LDAP servers)? 是否有人知道任何可嵌入的Kerberos服务器（KDC / KAdmin），它们是用Java编写的，可以在JVM进程中运行（类似于Hadoop minicluster或嵌入式LDAP服务器）？

My goal it to let people run integ tests requiring Kerberos authentication without having to install local kerberos server/configure remote server and connection to it. 我的目标是让人们运行需要Kerberos身份验证的集成测试，而无需安装本地kerberos服务器/配置远程服务器并连接到它。

4 个解决方案

You can give Apache Directory Server ( http://directory.apache.org/ ) a try. 您可以试试Apache Directory Server（ http://directory.apache.org/ ）。 It supports LDAP and Kerberos. 它支持LDAP和Kerberos。 See this example: 看这个例子：

http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java

I was/am looking for such a thing too but this is simply not really possible because you will need a fully functional DNS server for this. 我/我正在寻找这样的东西，但这根本不可能，因为你需要一个功能齐全的DNS服务器。 A fully decoupled system is necessary. 完全解耦的系统是必要的。 You can achieve this via the virtualization-maven-plugin and a group of virtual machines in VirtualBox with an internal network. 您可以通过virtual -maven-plugin和VirtualBox中的一组虚拟机以及内部网络实现此目的。

LDAP servers won't help you at all because they do absolutely nothing with GSS-API and Kerberos. LDAP服务器根本无法帮助您，因为它们对GSS-API和Kerberos完全没有任何帮助。 SASL does everything by delegating auth to the next available KDC. SASL通过将auth委派给下一个可用的KDC来完成所有工作。

You need KDC and DNS server. 您需要KDC和DNS服务器。 You may try Samba 4 on one machine, setup a second one which joins the domain. 您可以在一台计算机上尝试Samba 4，设置第二台加入域的计算机。 Install Hadoop on it, add a third one (client), join and run tests from there. 在其上安装Hadoop，添加第三个（客户端），从那里加入并运行测试。

It seems like you can have Apache DS mimic a KDC: http://directory.apache.org/apacheds/configuration/ads-2.0-configuration.html 看起来你可以让Apache DS模仿KDC： http ： //directory.apache.org/apacheds/configuration/ads-2.0-configuration.html

I have a written an Embedded LDAP for similar purpose and also to you can use it for testing with Kerberos, spcially useful for cases like testing Hadoop Kerberos testing. 我有一个用于类似目的的嵌入式LDAP编写，您也可以使用它来测试Kerberos，这对于测试Hadoop Kerberos测试等情况非常有用。

https://github.com/krishdey/EmbeddedLdapKDC https://github.com/krishdey/EmbeddedLdapKDC

You may also look at the class for writing embedded JUnit testing https://github.com/krishdey/EmbeddedLdapKDC/blob/master/EmbeddedLdapKDC/src/test/java/com/krish/ead/server/KerberosLdapIntegrationTest.java 您还可以查看编写嵌入式JUnit测试的类https://github.com/krishdey/EmbeddedLdapKDC/blob/master/EmbeddedLdapKDC/src/test/java/com/krish/ead/server/KerberosLdapIntegrationTest.java

Might be useful for you. 可能对你有用。

Hadoop publishes a MiniKdc class which can be used. Hadoop发布了一个可以使用的MiniKdc类。 From the MiniKdc class doc comment: 从MiniKdc类doc评论：

Mini KDC based on Apache Directory Server that can be embedded in testcases or used from command line as a standalone KDC. 基于Apache Directory Server的Mini KDC，可以嵌入到测试用例中，也可以作为独立的KDC从命令行使用。

https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-minikdc https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-minikdc