diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-07-18 20:46:35 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-07-18 20:46:35 -0400 |
| commit | 2757800b5b0043b635634fad0551d07c112ab54a (patch) | |
| tree | 6c68be79d6b2c888821bc95787b5428885490109 /src/tests/t_anonpkinit.py | |
| parent | a654a7d9d6145256ce1b01a3f4c80884a8ba93d6 (diff) | |
| download | krb5-2757800b5b0043b635634fad0551d07c112ab54a.tar.gz krb5-2757800b5b0043b635634fad0551d07c112ab54a.tar.xz krb5-2757800b5b0043b635634fad0551d07c112ab54a.zip | |
Combine PKINIT test scripts
Diffstat (limited to 'src/tests/t_anonpkinit.py')
| -rw-r--r-- | src/tests/t_anonpkinit.py | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/src/tests/t_anonpkinit.py b/src/tests/t_anonpkinit.py deleted file mode 100644 index 03b2fdd686..0000000000 --- a/src/tests/t_anonpkinit.py +++ /dev/null @@ -1,42 +0,0 @@ -#!/usr/bin/python -from k5test import * - -# Skip this test if pkinit wasn't built. -if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')): - success('Warning: not testing pkinit because it is not built') - exit(0) - -# Construct a krb5.conf fragment configuring pkinit. -certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs') -ca_pem = os.path.join(certs, 'ca.pem') -kdc_pem = os.path.join(certs, 'kdc.pem') -privkey_pem = os.path.join(certs, 'privkey.pem') -pkinit_krb5_conf = { - 'libdefaults': { - 'pkinit_anchors': 'FILE:' + ca_pem}, - 'realms': {'$realm': { - 'pkinit_anchors': 'FILE:%s' % ca_pem, - 'pkinit_identity': 'FILE:%s,%s' % (kdc_pem, privkey_pem)}}} - -restrictive_kdc_conf = { - 'realms': {'$realm' : { - 'restrict_anonymous_to_tgt': 'true' }}} - -# In the basic test, anonymous is not restricted, so kvno should succeed. -realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False) -realm.addprinc('WELLKNOWN/ANONYMOUS') -realm.kinit('@%s' % realm.realm, flags=['-n']) -realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS') -realm.run([kvno, realm.host_princ]) -realm.stop() - -# Now try again with anonymous restricted; kvno should fail. -realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf, - create_user=False) -realm.addprinc('WELLKNOWN/ANONYMOUS') -realm.kinit('@%s' % realm.realm, flags=['-n']) -# now try FAST -realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache]) -realm.run([kvno, realm.host_princ], expected_code=1) - -success('Anonymous PKINIT') |