is anyone aware of any embeddable Kerberos servers (KDC / KAdmin), which are written in Java and may run just within the JVM process (something like Hadoop minicluster or embedded LDAP servers)?
My goal it to let people run integ tests requiring Kerberos authentication without having to install local kerberos server/configure remote server and connection to it.
You can give Apache Directory Server (http://directory.apache.org/) a try. It supports LDAP and Kerberos. See this example:
http://svn.apache.org/repos/asf/directory/apacheds/trunk/kerberos-test/src/test/java/org/apache/directory/server/kerberos/kdc/SaslGssapiBindITest.java
I was/am looking for such a thing too but this is simply not really possible because you will need a fully functional DNS server for this. A fully decoupled system is necessary. You can achieve this via the virtualization-maven-plugin and a group of virtual machines in VirtualBox with an internal network.
LDAP servers won't help you at all because they do absolutely nothing with GSS-API and Kerberos. SASL does everything by delegating auth to the next available KDC.
You need KDC and DNS server. You may try Samba 4 on one machine, setup a second one which joins the domain. Install Hadoop on it, add a third one (client), join and run tests from there.
It seems like you can have Apache DS mimic a KDC: http://directory.apache.org/apacheds/configuration/ads-2.0-configuration.html
I have a written an Embedded LDAP for similar purpose and also to you can use it for testing with Kerberos, spcially useful for cases like testing Hadoop Kerberos testing.
https://github.com/krishdey/EmbeddedLdapKDC
You may also look at the class for writing embedded JUnit testing https://github.com/krishdey/EmbeddedLdapKDC/blob/master/EmbeddedLdapKDC/src/test/java/com/krish/ead/server/KerberosLdapIntegrationTest.java
Might be useful for you.
Hadoop publishes a MiniKdc class which can be used. From the MiniKdc class doc comment:
Mini KDC based on Apache Directory Server that can be embedded in testcases or used from command line as a standalone KDC.
https://mvnrepository.com/artifact/org.apache.hadoop/hadoop-minikdc
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 傲 的文章《Java-written embedded Kerberos server for testing》','https://www.manongdao.com/article-666789.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}