Subject: | KEYRING ccache tests can fail if session key is revoked |
Chris Hecker reported a case where the lib/krb5/ccache tests fail
when running t_cc, with the error "new_unique: Key has been revoked".
This case appears to have arisen from having a revoked session
keyring in the calling shell:
# keyctl show
Session Keyring
-3: key inaccessible (Key has been revoked)
Since "make check" is supposed to be adaptive to its environment, we
should ideally either detect this state and skip KEYRING tests, or
run all KEYRING tests inside a "keyctl session" wrapper.
(I can produce a similar state with "keyctl revoke @s", although when
I do so, t_cccol.py fails before t_cc gets run by make check.)
http://mailman.mit.edu/pipermail/krbdev/2017-December/012884.html
when running t_cc, with the error "new_unique: Key has been revoked".
This case appears to have arisen from having a revoked session
keyring in the calling shell:
# keyctl show
Session Keyring
-3: key inaccessible (Key has been revoked)
Since "make check" is supposed to be adaptive to its environment, we
should ideally either detect this state and skip KEYRING tests, or
run all KEYRING tests inside a "keyctl session" wrapper.
(I can produce a similar state with "keyctl revoke @s", although when
I do so, t_cccol.py fails before t_cc gets run by make check.)
http://mailman.mit.edu/pipermail/krbdev/2017-December/012884.html