Addition of a pamtester test

.github/workflows/pamtester.yml

@@ -0,0 +1,20 @@
+---
+name: pamtester run of pam_krb5_cc_move
+on: [push]
+jobs:
+ pamtester:
+ runs-on: ubuntu-latest
+ steps:
+ - run: sudo apt install pamtester gcc make libpam-dev libkrb5-dev krb5-user krb5-k5tls
+ - uses: actions/checkout@v4
+ - run: make
+ - run: sudo make install INSTALLDIR=/usr/lib/x86_64-linux-gnu/security
+ - run: sudo cp pamtester/krb5_cc_move /etc/pam.d/krb5_cc_move
+ - run: cp pamtester/expired_kerberos_token /tmp/source
+ - run: klist -f /tmp/source
+ - run: sudo adduser testuser
+ - run: sudo chown testuser /tmp/source
+ - run: sudo pamtester -v krb5_cc_move testuser open_session
+ - run: journalctl -n 50
+ - run: ls -l /tmp/destination
+ - run: sudo -u testuser klist -f /tmp/destination

pamtester/krb5.conf

@@ -0,0 +1,25 @@
+# This file is managed by Puppet. DO NOT EDIT.
+includedir /etc/krb5.conf.d
+
+[libdefaults]
+ default_realm = CERN.CH
+ default_ccache_name = KCM:
+ default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes256-cts-hmac-sha384-192 aes128-cts-hmac-sha1-96 aes128-cts-hmac-sha256-128
+ allow_weak_crypto = true
+ dns_canonicalize_hostname = true
+ ticket_lifetime = 25h
+ renew_lifetime = 120h
+ forwardable = true
+ proxiable = true
+ rdns = false
+
+[realms]
+ CERN.CH = {
+ default_domain = cern.ch 
+ admin_server = cerndc.cern.ch
+ kdc = cerndc.cern.ch 
+ }
+
+[domain_realm]
+ CERN.CH = .cern.ch
+