[27866] in CVS-changelog-for-Kerberos-V5
krb5 commit: Test that password preauth works without PKINIT
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jul 18 00:59:51 2013
Date: Thu, 18 Jul 2013 00:59:06 -0400
From: Greg Hudson <ghudson@mit.edu>
Message-Id: <201307180459.r6I4x67v018949@drugstore.mit.edu>
To: cvs-krb5@mit.edu
Reply-To: krbdev@mit.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu
https://github.com/krb5/krb5/commit/83e503ed46352734721bff6e565d2b668d7af154
commit 83e503ed46352734721bff6e565d2b668d7af154
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Wed Jul 17 13:03:59 2013 -0400
Test that password preauth works without PKINIT
Before we test authenticated PKINIT, slip in a test to check that
password-based preauthentication still works when the KDC is offering
PKINIT, but the client has no PKINIT credentials.
src/tests/t_authpkinit.py | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/src/tests/t_authpkinit.py b/src/tests/t_authpkinit.py
index a7ca66a..ec7be50 100644
--- a/src/tests/t_authpkinit.py
+++ b/src/tests/t_authpkinit.py
@@ -61,6 +61,18 @@ def setup_dir_identities(realm):
shutil.copy(user_pem, os.path.join(path, 'user.crt'))
shutil.copy(user_pem, os.path.join(path_enc, 'user.crt'))
+# Sanity check - password-based preauth should still work.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
+ get_creds=False)
+realm.run(['./responder',
+ '-r', 'password=%s' % password('user'),
+ 'user@%s' % realm.realm])
+realm.kinit('user@%s' % realm.realm,
+ password=password('user'))
+realm.klist('user@%s' % realm.realm)
+realm.run([kvno, realm.host_princ])
+realm.stop()
+
# Run the basic test - PKINIT with FILE: identity, with no password on the key.
realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
get_creds=False)
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5