From 52a4c6651d88a36041777842dd2f6b9b52174136 Mon Sep 17 00:00:00 2001
From: Steve Traylen
Date: Fri, 12 Jan 2024 10:15:13 +0100
Subject: [PATCH] psush
---
 .github/workflows/pamtester.yml | 2 +-
 pamtester/krb5.conf | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 pamtester/krb5.conf
diff --git a/.github/workflows/pamtester.yml b/.github/workflows/pamtester.yml
index 32fc23f..0cad77d 100644
--- a/.github/workflows/pamtester.yml
+++ b/.github/workflows/pamtester.yml
@@ -17,4 +17,4 @@ jobs:
 - run: sudo chown testuser /tmp/source
 - run: sudo pamtester -v krb5_cc_move testuser open_session
 - run: journalctl -n 100
- - run: klist -f /tmp/destination
+ - run: sudo -u test klist -f /tmp/destination
diff --git a/pamtester/krb5.conf b/pamtester/krb5.conf
new file mode 100644
index 0000000..e97b6f1
--- /dev/null
+++ b/pamtester/krb5.conf
@@ -0,0 +1,25 @@
+# This file is managed by Puppet. DO NOT EDIT.
+includedir /etc/krb5.conf.d
+
+[libdefaults]
+ default_realm = CERN.CH
+ default_ccache_name = KCM:
+ default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha256-128
+ allow_weak_crypto = true
+ dns_canonicalize_hostname = true
+ ticket_lifetime = 25h
+ renew_lifetime = 120h
+ forwardable = true
+ proxiable = true
+ rdns = false
+
+[realms]
+ CERN.CH = {
+ default_domain = cern.ch
+ admin_server = cerndc.cern.ch
+ kdc = cerndc.cern.ch
+ }
+
+[domain_realm]
+ CERN.CH = .cern.ch
+
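Review bot: The changed last step runs klist as `test`, while every other step in this hunk uses `testuser` (`sudo chown testuser /tmp/source`, `pamtester -v krb5_cc_move testuser open_session`). Unless a separate `test` account is created in a step outside this hunk, sudo will reject the unknown user, or the check will read the cache as an account that does not own it and so will not confirm what the session produced for `testuser`. I would write the step as `- run: sudo -u testuser klist -f /tmp/destination`. The job's earlier steps are not visible here, so confirm which account the workflow actually creates.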
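Review bot: The `[domain_realm]` entry at the end of the new file is written backwards: that section maps a DNS domain to a realm, so `CERN.CH = .cern.ch` should read `.cern.ch = CERN.CH`. As written, this file does not map hosts under cern.ch to the realm. Separately, `allow_weak_crypto = true` is at odds with the AES-only `default_tkt_enctypes` and appears to leave weak enctypes acceptable in any list this file does not pin; unless the test depends on it, I would set `allow_weak_crypto = false`. The `# This file is managed by Puppet. DO NOT EDIT.` header is also misleading on a fixture checked into this repository, and `includedir /etc/krb5.conf.d` makes the test depend on whatever the runner image ships there.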