* default.exp: Mark as unused the test passes that won't

	accomplish anything due to disabling of SUPPORT_DESMD5 in the
	code.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13869 dc483132-0cff-0310-8789-dd5450dbe970

2 files changed, 51 insertions, 32 deletions

diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog
index b22a999a84..728b8f3d60 100644
--- a/src/tests/dejagnu/config/ChangeLog
+++ b/src/tests/dejagnu/config/ChangeLog
@@ -1,3 +1,9 @@
+2001-10-27  Tom Yu  <tlyu@mit.edu>
+
+	* default.exp: Mark as unused the test passes that won't
+	accomplish anything due to disabling of SUPPORT_DESMD5 in the
+	code.
+
 2001-10-24  Tom Yu  <tlyu@mit.edu>
 
 	* default.exp: Add support for setting SUPPORT_DESMD5 flag on the
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
index bae972be20..9c26424964 100644
--- a/src/tests/dejagnu/config/default.exp
+++ b/src/tests/dejagnu/config/default.exp
@@ -28,23 +28,20 @@ set kdc_supported_enctypes "des-cbc-crc:normal"
 # dependency of various bugs on configuration file settings,
 # particularly with regards to encryption types.
 
-# The des.md5-tgt pass will fail if enctype similarity is inconsisent;
-# between 1.0.x and 1.1, the decrypt functions became more strict
-# about matching enctypes, while the KDB retrieval functions didn't
-# coerce the enctype to match what was requested.  It works by setting
-# SUPPORT_DESMD5 on the TGT principal, forcing an enctype of
-# des-cbc-md5 on the TGT key.  Since the database only contains a
-# des-cbc-crc key, the decrypt will fail if enctypes are not coerced.
-
 # The des.no-kdc-md5 pass will fail if the KDC does not constrain
 # session key enctypes to those in its permitted_enctypes list.  It
 # works by assuming enctype similarity, thus allowing the client to
 # request a des-cbc-md4 session key.  Since only des-cbc-crc is in the
 # KDC's permitted_enctypes list, the TGT will be unusable.
 
+# The des.des3-tgt.no-kdc-des3 pass will fail if the KDC doesn't
+# constrain ticket key enctypes to those in permitted_enctypes.  It
+# does this by not putting des3 in the permitted_enctypes, while
+# creating a TGT princpal that has a des3 key as well as a des key.
+
 # XXX -- master_key_type is fragile w.r.t. permitted_enctypes; it is
 # possible to configure things such that you have a master_key_type
-# that is not permitted, and the error message is cryptic.
+# that is not permitted, and the error message used to be cryptic.
 
 set passes {
     {
@@ -80,16 +77,6 @@ set passes {
 	{dummy=[verbose -log "DES3 TGT, many DES3 + DES enctypes"]}
     }
     {
-	des.md5-tgt
-	des3_krbtgt=0
-	tgt_support_desmd5=1
-	supported_enctypes=des-cbc-crc:normal
-	kdc_supported_enctypes=des-cbc-crc:normal
-	{permitted_enctypes(kdc)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
-	{permitted_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
-	{dummy=[verbose -log "DES TGT, SUPPORTS_DESMD5"]}
-    }
-    {
 	des.no-kdc-md5
 	des3_krbtgt=0
 	tgt_support_desmd5=0
@@ -103,19 +90,6 @@ set passes {
 		"DES TGT, KDC permitting only des-cbc-crc"]}
     }
     {
-	des.md5-tgt.no-kdc-md5
-	des3_krbtgt=0
-	tgt_support_desmd5=1
-	{permitted_enctypes(kdc)=des-cbc-crc}
-	{default_tgs_enctypes(client)=des-cbc-crc}
-	{default_tkt_enctypes(client)=des-cbc-crc}
-	{supported_enctypes=des-cbc-crc:normal}
-	{kdc_supported_enctypes=des-cbc-crc:normal}
-	{master_key_type=des-cbc-crc}
-	{dummy=[verbose -log \
-		"DES TGT, SUPPORTS_DESMD5, KDC permitting only des-cbc-crc"]}
-    }
-    {
 	des.des3-tgt.no-kdc-des3
 	tgt_support_desmd5=0
 	{permitted_enctypes(kdc)=des-cbc-crc}
@@ -129,6 +103,22 @@ set passes {
     }
 }
 
+# des.md5-tgt is set as unused, since it won't trigger the error case
+# if SUPPORT_DESMD5 isn't honored.
+
+# The des.md5-tgt pass will fail if enctype similarity is inconsisent;
+# between 1.0.x and 1.1, the decrypt functions became more strict
+# about matching enctypes, while the KDB retrieval functions didn't
+# coerce the enctype to match what was requested.  It works by setting
+# SUPPORT_DESMD5 on the TGT principal, forcing an enctype of
+# des-cbc-md5 on the TGT key.  Since the database only contains a
+# des-cbc-crc key, the decrypt will fail if enctypes are not coerced.
+
+# des.no-kdc-md5.client-md4-skey is retained in unsed_passes, even
+# though des.no-kdc-md5 is roughly equivalent, since the associated
+# comment needs additional investigation at some point re the kadmin
+# client.
+
 # The des.no-kdc-md5.client-md4-skey will fail on TGS requests due to
 # the KDC issuing session keys that it won't accept.  It will also
 # fail for a kadmin client, but for different reasons, since the kadm5
@@ -139,6 +129,29 @@ set passes {
 
 set unused_passes {
     {
+	des.md5-tgt
+	des3_krbtgt=0
+	tgt_support_desmd5=1
+	supported_enctypes=des-cbc-crc:normal
+	kdc_supported_enctypes=des-cbc-crc:normal
+	{permitted_enctypes(kdc)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+	{permitted_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+	{dummy=[verbose -log "DES TGT, SUPPORTS_DESMD5"]}
+    }
+    {
+	des.md5-tgt.no-kdc-md5
+	des3_krbtgt=0
+	tgt_support_desmd5=1
+	{permitted_enctypes(kdc)=des-cbc-crc}
+	{default_tgs_enctypes(client)=des-cbc-crc}
+	{default_tkt_enctypes(client)=des-cbc-crc}
+	{supported_enctypes=des-cbc-crc:normal}
+	{kdc_supported_enctypes=des-cbc-crc:normal}
+	{master_key_type=des-cbc-crc}
+	{dummy=[verbose -log \
+		"DES TGT, SUPPORTS_DESMD5, KDC permitting only des-cbc-crc"]}
+    }
+    {
 	des.no-kdc-md5.client-md4-skey
 	des3_krbtgt=0
 	{permitted_enctypes(kdc)=des-cbc-crc}