Tests: LDAP+KRB5 krb_misc tests by madhuriupadhye · Pull Request #8612 · SSSD/sssd

madhuriupadhye · 2026-04-16T14:49:33Z

Ported following test case:

kpasswd: BZ 847039: login works when krb5_kpasswd is unresolvable (kpasswd not needed for auth).
high UID: BZ 798655: auth and logs stay clean with a setuid(-1) helper process running.
password change: GH 677: SSH passwd with chpass_provider=krb5 logs initial auth in krb5_child.log.

gemini-code-assist

Code Review

This pull request introduces several new system tests for Kerberos authentication in SSSD, covering scenarios such as unresolvable kpasswd servers, authentication stability when processes with high UIDs (specifically -1) are running, and password changes via SSH. The review feedback suggests improving the robustness of process cleanup by using specific PIDs instead of pkill and recommends truncating log files before performing assertions to ensure test isolation and accuracy.

madhuriupadhye · 2026-04-20T15:50:32Z

/packit test

madhuriupadhye · 2026-04-20T16:59:05Z

/test-system-scoped

madhuriupadhye · 2026-04-20T17:19:59Z

/test-system-scoped

aplopez

LGTM

spoore1

This looks good. Most of my comments/questions/suggestions are small things.

spoore1

LGTM. Thanks for the updates.

spoore1 · 2026-04-27T15:56:17Z

FYI, I removed accepted label to get a full ci run in the accepted message.

Ported following test case: - kpasswd: BZ 847039: login works when krb5_kpasswd is unresolvable (kpasswd not needed for auth). - high UID: BZ 798655: auth and logs stay clean with a setuid(-1) helper process running. - password change: GH 677: SSH passwd with chpass_provider=krb5 logs initial auth in krb5_child.log. Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Alejandro López <allopez@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com>

sssd-bot · 2026-04-27T16:28:48Z

The pull request was accepted by @spoore1 with the following PR CI status:

There are unsuccessful or unfinished checks. Make sure that the failures are not related to this pull request before merging.

Ported following test case: - kpasswd: BZ 847039: login works when krb5_kpasswd is unresolvable (kpasswd not needed for auth). - high UID: BZ 798655: auth and logs stay clean with a setuid(-1) helper process running. - password change: GH 677: SSH passwd with chpass_provider=krb5 logs initial auth in krb5_child.log. Backporting of SSSD#8612 Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com> Reviewed-by: Scott Poore <spoore@redhat.com>

Ported following test case: - kpasswd: BZ 847039: login works when krb5_kpasswd is unresolvable (kpasswd not needed for auth). - high UID: BZ 798655: auth and logs stay clean with a setuid(-2) helper process running. - password change: GH 677: SSH passwd with chpass_provider=krb5 logs initial auth in krb5_child.log. Backporting of SSSD#8612 Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>

madhuriupadhye added Tests backport-to-sssd-2-11 backport-to-sssd-2-12 labels Apr 16, 2026

gemini-code-assist Bot reviewed Apr 16, 2026

View reviewed changes

Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated

Comment thread src/tests/system/tests/test_ldap_krb5.py

madhuriupadhye force-pushed the ldap_krb3 branch 6 times, most recently from d712a93 to 440eba8 Compare April 20, 2026 09:59

madhuriupadhye force-pushed the ldap_krb3 branch from 440eba8 to 1cd2c88 Compare April 20, 2026 16:10

madhuriupadhye force-pushed the ldap_krb3 branch 2 times, most recently from 3247d28 to 93efea5 Compare April 22, 2026 06:59

madhuriupadhye assigned spoore1 Apr 22, 2026

madhuriupadhye requested review from aplopez and spoore1 April 22, 2026 12:57

madhuriupadhye assigned aplopez Apr 22, 2026

madhuriupadhye force-pushed the ldap_krb3 branch 4 times, most recently from dc1f92f to 10d0c97 Compare April 23, 2026 14:17

madhuriupadhye added the Waiting for review label Apr 23, 2026

aplopez reviewed Apr 24, 2026

View reviewed changes

Comment thread src/tests/system/tests/test_ldap_krb5.py Outdated

aplopez approved these changes Apr 24, 2026

View reviewed changes

spoore1 requested changes Apr 27, 2026

View reviewed changes

madhuriupadhye force-pushed the ldap_krb3 branch from 10d0c97 to 4192055 Compare April 27, 2026 14:49

madhuriupadhye requested a review from spoore1 April 27, 2026 14:50

spoore1 approved these changes Apr 27, 2026

View reviewed changes

spoore1 added Accepted and removed Waiting for review labels Apr 27, 2026

sssd-bot force-pushed the ldap_krb3 branch from 4192055 to 992637b Compare April 27, 2026 15:11

spoore1 removed the Accepted label Apr 27, 2026

SSSD deleted a comment from sssd-bot Apr 27, 2026

madhuriupadhye force-pushed the ldap_krb3 branch from 992637b to 4192055 Compare April 27, 2026 15:26

spoore1 added the Accepted label Apr 27, 2026

sssd-bot force-pushed the ldap_krb3 branch from 4192055 to 4a75382 Compare April 27, 2026 16:28

spoore1 merged commit 20eeac6 into SSSD:master Apr 27, 2026
15 checks passed

This was referenced Apr 27, 2026

[autobackport: sssd-2-11] Tests: LDAP+KRB5 krb_misc tests #8651

Closed

[autobackport: sssd-2-12] Tests: LDAP+KRB5 krb_misc tests #8652

Open

madhuriupadhye mentioned this pull request Apr 28, 2026

Tests: LDAP+KRB5 krb_misc tests #8655

Open

Conversation

madhuriupadhye commented Apr 16, 2026

Uh oh!

gemini-code-assist Bot left a comment

Choose a reason for hiding this comment

Code Review

Uh oh!

Uh oh!

Uh oh!

madhuriupadhye commented Apr 20, 2026

Uh oh!

madhuriupadhye commented Apr 20, 2026

Uh oh!

madhuriupadhye commented Apr 20, 2026

Uh oh!

Uh oh!

aplopez left a comment

Choose a reason for hiding this comment

Uh oh!

spoore1 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

spoore1 left a comment

Choose a reason for hiding this comment

Uh oh!

spoore1 commented Apr 27, 2026

Uh oh!

sssd-bot commented Apr 27, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants