krb5.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Simplify k5test.py environments	Greg Hudson	2012-12-20	1	-7/+7
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The initial k5test.py design, copied from the dejagnu suite, is to create config files and environments for four expected roles: client, server, master, and slave. This approach exaggerates the complexity of the common case, where the configurations don't need to vary, and limits us to having just one slave for kprop/iprop tests. Instead, create just one configuration by default, and add a special_env() method which sets up a differently configured environment for the few test cases which need one. The run_as_*() methods are collapsed into just run(), which accepts an optional argument for the environment returned by special_env().
*	Omit start time in common AS requests	Greg Hudson	2012-05-11	1	-10/+24
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	MIT and Heimdal KDCs ignore the start time for non-postdated ticket requests, but AD yields an error if the start time is in the KDC's future, defeating the kdc_timesync option. Omit the start time if the caller did not specify a start time offset. This change reenables the client check for too much clock skew in the KDC reply in the non-timesync configuration. That check had been unintentionally suppressed since the introduction of the get_init_creds interfaces. Adjust the t_skew test script to expect the new error behavior. Code changes from stefw@gnome.org with slight modifications. ticket: 7130 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25864 dc483132-0cff-0310-8789-dd5450dbe970
*	Flip the default of start_kadmind in k5test.py	Greg Hudson	2012-04-26	1	-2/+2
\| \| \| \| \| \| \|	Very few Python tests need kadmind, so it makes more sense to have to turn it on than to have to turn it off. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25825 dc483132-0cff-0310-8789-dd5450dbe970
*	Allow preauth mechs to work with clock skew	Greg Hudson	2012-04-17	1	-3/+9
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Add a clpreauth callback which gets the time of day using an offset determined by the preauth-required error, and use it in encrypted timestamp and encrypted challenge. This timestamp is not necessarily authenticated, but the security consequences for those preauth mechs are minor (and can be mitigated by turning off kdc_timesync on clients). Based on a patch from Stef Walter. ticket: 7114 git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25808 dc483132-0cff-0310-8789-dd5450dbe970
*	Add clock skew tests	Greg Hudson	2012-04-17	1	-0/+38
	Add a KDC option (-T) to run with a time offset, and use that to test kdc_timesync behavior. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25807 dc483132-0cff-0310-8789-dd5450dbe970