blob: 0b9832668e618b3db8d88cf388ec918898bb4df3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
#!/usr/bin/python
from k5test import *
# This file is intended to cover any password-changing mechanism. For
# now it only contains a regression test for #7868.
realm = K5Realm(create_host=False, get_creds=False, start_kadmind=True)
# Mark a principal as expired and change its password through kinit.
realm.run_kadminl('modprinc -pwexpire "1 day ago" user')
pwinput = password('user') + '\nabcd\nabcd\n'
realm.run([kinit, realm.user_princ], input=pwinput)
# Do the same thing with FAST, with tracing turned on.
realm.run_kadminl('modprinc -pwexpire "1 day ago" user')
pwinput = 'abcd\nefgh\nefgh\n'
tracefile = os.path.join(realm.testdir, 'trace')
realm.run(['env', 'KRB5_TRACE=' + tracefile, kinit, '-T', realm.ccache,
realm.user_princ], input=pwinput)
# Read the trace and check that FAST was used when getting the
# kadmin/changepw ticket.
f = open(tracefile, 'r')
trace = f.read()
f.close()
getting_changepw = fast_used_for_changepw = False
for line in trace.splitlines():
if 'Getting initial credentials for user@' in line:
getting_changepw_ticket = False
if 'Setting initial creds service to kadmin/changepw' in line:
getting_changepw_ticket = True
if getting_changepw_ticket and 'Using FAST' in line:
fast_used_for_changepw = True
if not fast_used_for_changepw:
fail('FAST was not used to get kadmin/changepw ticket')
success('Password change tests')
|
