| author | Sam Hartman <hartmans@mit.edu> | 2011-11-23 01:00:27 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2011-11-23 01:00:27 +0000 |
| commit | adfcfdce396468f93dce5fb56c7509d138a11e5c (patch) | |
| tree | 74daa40bd00c461da828adfef8fcf9ed28399eea /src/tests | |
| parent | 01bd1cedd0fb24b7578b3c4b563f065dd113e3d7 (diff) | |
ticket: new
subject: FAST PKINIT
target_version: 1.10
tags: pullup
Per RFC 6113 fast should use the inner request body for the pkinit
checksum. We did that on the KDC; now do so on the client. Remove
code that explicitly blocked pkinit under FAST.
Also, use the reply key *before* the strengthen key is applied when
verifying the PADATA_PKINIT_KX.
Add FAST pkinit test.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25486 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests')
| -rw-r--r-- | src/tests/t_anonpkinit.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/tests/t_anonpkinit.py b/src/tests/t_anonpkinit.py index 5b2368e12..7ae955d17 100644 --- a/src/tests/t_anonpkinit.py +++ b/src/tests/t_anonpkinit.py @@ -42,6 +42,8 @@ realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf, create_user=False) realm.addprinc('WELLKNOWN/ANONYMOUS') realm.kinit('@%s' % realm.realm, flags=['-n']) +# now try FAST +realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache]) realm.run_as_client([kvno, realm.host_princ], expected_code=1) success('Anonymous PKINIT') |
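Review bot: The added call `realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])` checks only that kinit succeeds when handed an armor ccache. Nothing in this hunk asserts that the AS exchange was actually armored, so the test cannot tell the FAST PKINIT path named in the commit message apart from an unarmored anonymous PKINIT. Consider following it with a check that fails if FAST was not used. The `# now try FAST` comment should also say that the armor ccache is `realm.ccache` as populated by the anonymous kinit on the line above, since the test depends on that ordering and the hunk passes the same ccache as armor. The unchanged `success('Anonymous PKINIT')` line could mention FAST so the test log reflects the new coverage.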
