I've spent nearly the whole day on making it work :-), but also on tuning KerberosTestClient a bit for the test to easily assert it is 401 in case of quarkus-kerberos failing to authenticate (as opposed to returning 401 with more negotiate data).
The problem with using the devservices container for the dev mode test is that after it restarts something is going out of sync, if the realm changes, something is being cached at the Java API/JAAS level.
The fact that only a system property can be used to set the KRB file path is making it tricky to use the devservices container with a restart though it might be also to do with some JAAS config properties. It can be investigated further
So in the end I just used Apache DS :-), this is fine for now.
Tomorrow (hopefully :-)) I'll add the docs and it will be ready to go for 0.4.0
I've spent nearly the whole day on making it work :-), but also on tuning
KerberosTestClient
a bit for the test to easily assert it is 401 in case ofquarkus-kerberos
failing to authenticate (as opposed to returning 401 with more negotiate data).The problem with using the devservices container for the dev mode test is that after it restarts something is going out of sync, if the realm changes, something is being cached at the Java API/JAAS level. The fact that only a system property can be used to set the KRB file path is making it tricky to use the devservices container with a restart though it might be also to do with some JAAS config properties. It can be investigated further
So in the end I just used Apache DS :-), this is fine for now.
Tomorrow (hopefully :-)) I'll add the docs and it will be ready to go for 0.4.0