diff options
| author | Greg Hudson <ghudson@mit.edu> | 2013-05-23 15:33:58 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-05-27 12:49:34 -0400 |
| commit | f3458ed803ae97b6c6c7c63baeb82b26c4943d4c (patch) | |
| tree | 371945b9e3ccc374f4a4211de295b99fd7669ae2 /src/tests/t_general.py | |
| parent | 1e123231769fe640f446442cb210664d280ccbac (diff) | |
| download | krb5-f3458ed803ae97b6c6c7c63baeb82b26c4943d4c.tar.gz krb5-f3458ed803ae97b6c6c7c63baeb82b26c4943d4c.tar.xz krb5-f3458ed803ae97b6c6c7c63baeb82b26c4943d4c.zip | |
Make empty passwords work via init_creds APIs
In the gak_data value used by krb5_get_as_key_password, separate the
already-known password from the storage we might have allocated to put
it in, so that we no longer use an empty data buffer to determine
whether we know the password. This allows empty passwords to work via
the API.
Remove the kadm5 test which explicitly uses an empty password.
Based on a patch from Stef Walter.
ticket: 7642
Diffstat (limited to 'src/tests/t_general.py')
| -rwxr-xr-x | src/tests/t_general.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/tests/t_general.py b/src/tests/t_general.py index bb7a543c75..98e77a2f74 100755 --- a/src/tests/t_general.py +++ b/src/tests/t_general.py @@ -22,6 +22,15 @@ for realm in multipass_realms(create_host=False): # Test kinit against kdb keytab realm.run([kinit, "-k", "-t", "KDB:", realm.user_princ]) +# Test that we can get initial creds with an empty password via the +# API. We have to disable the "empty" pwqual module to create a +# principal with an empty password. (Regression test for #7642.) +conf={'plugins': {'pwqual': {'disable': 'empty'}}} +realm = K5Realm(create_user=False, create_host=False, krb5_conf=conf) +realm.run_kadminl('addprinc -pw "" user') +realm.run(['./t_init_creds', 'user', '']) +realm.stop() + realm = K5Realm(create_host=False) # Spot-check KRB5_TRACE output |