diff options
| author | Nalin Dahyabhai <nalin@dahyabhai.net> | 2013-07-17 13:03:59 -0400 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2013-07-17 15:56:36 -0400 |
| commit | 83e503ed46352734721bff6e565d2b668d7af154 (patch) | |
| tree | 8cd17e497bce3a698309002f2bfd5f2c069366bb /src/tests | |
| parent | f6a2635d72a37eccbea4bbe260cb2c304302af3b (diff) | |
| download | krb5-83e503ed46352734721bff6e565d2b668d7af154.tar.gz krb5-83e503ed46352734721bff6e565d2b668d7af154.tar.xz krb5-83e503ed46352734721bff6e565d2b668d7af154.zip | |
Test that password preauth works without PKINIT
Before we test authenticated PKINIT, slip in a test to check that
password-based preauthentication still works when the KDC is offering
PKINIT, but the client has no PKINIT credentials.
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/t_authpkinit.py | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/tests/t_authpkinit.py b/src/tests/t_authpkinit.py index a7ca66ab2..ec7be5004 100644 --- a/src/tests/t_authpkinit.py +++ b/src/tests/t_authpkinit.py @@ -61,6 +61,18 @@ def setup_dir_identities(realm): shutil.copy(user_pem, os.path.join(path, 'user.crt')) shutil.copy(user_pem, os.path.join(path_enc, 'user.crt')) +# Sanity check - password-based preauth should still work. +realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf, + get_creds=False) +realm.run(['./responder', + '-r', 'password=%s' % password('user'), + 'user@%s' % realm.realm]) +realm.kinit('user@%s' % realm.realm, + password=password('user')) +realm.klist('user@%s' % realm.realm) +realm.run([kvno, realm.host_princ]) +realm.stop() + # Run the basic test - PKINIT with FILE: identity, with no password on the key. realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf, get_creds=False) |