| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The initial k5test.py design, copied from the dejagnu suite, is to
create config files and environments for four expected roles: client,
server, master, and slave. This approach exaggerates the complexity
of the common case, where the configurations don't need to vary, and
limits us to having just one slave for kprop/iprop tests.
Instead, create just one configuration by default, and add a
special_env() method which sets up a differently configured
environment for the few test cases which need one. The run_as_*()
methods are collapsed into just run(), which accepts an optional
argument for the environment returned by special_env().
|
| |
|
|
|
|
|
|
|
| |
We must check that 'kinit -t keytab' and 'kinit -i' successfully
produce tickets, and have the specified warning output.
ticket: 7218
tags: pullup
target_version: 1.11
|
| |
|
|
|
|
|
| |
Make the default_keytab_name and default_client_keytab_name variables
subject to parameter expansion.
ticket: 7219 (new)
|
| |
|
|
|
|
|
|
|
| |
In combination with -k, -i will cause kinit or klist to use the
default client keytab instead of the default acceptor keytab. This
gives an easy way to figure out what default client keytab name is in
use and to get credentials using it.
ticket: 7216 (new)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When making a keytab-based AS request, a client has to choose between
sending its reply key enctype preference list (the enctypes it has in
the keytab) and its session key enctype preference list (all of the
enctypes it supports). Heimdal and MIT krb5 1.11 clients send the
reply key preference list. If this list doesn't overlap with the
server principal keys (say, because the krbtgt principal has only a
DES key), then the AS request will fail.
Try to make this work by making the KDC optimistically pick the first
permitted enctype in the request as the session key, even though it
can't be certain that other KDCs in the realm support that enctype.
Make sure to exercise this case in t_keytab.py by doing a multipass
keytab kinit test.
ticket: 7190 (new)
|
| |
|
|
|
|
|
| |
Very few Python tests need kadmind, so it makes more sense to have to
turn it on than to have to turn it off.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970
|
| |
|
|
|
|
|
|
|
|
|
| |
When getting initial credentials with a keytab, filter the list of
request enctypes based on the keys in the keytab.
Based on a patch from Stef Walter.
ticket: 2131
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25818 dc483132-0cff-0310-8789-dd5450dbe970
|
|
|
Create a test script for keytab-related tests. Move the kvno wrapping
test there from t_general.py, and augment it to better match what's in
standalone.exp. Add tests for kinit with keytab, including kinit with
the most-preferred enctype missing from the keytab (which currently
fails).
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25815 dc483132-0cff-0310-8789-dd5450dbe970
|
