[31347] in CVS-changelog-for-Kerberos-V5

home help back first fref pref prev next nref lref last post

krb5 commit: Restore test coverage for old session key types

daemon@ATHENA.MIT.EDU (ghudson@mit.edu)
Tue Jul 30 20:44:56 2024

From: ghudson@mit.edu
To: cvs-krb5@mit.edu
Message-Id: <20240731004449.58100101B2F@krbdev.mit.edu>
Date: Tue, 30 Jul 2024 20:44:49 -0400 (EDT)
MIME-Version: 1.0
Reply-To: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: cvs-krb5-bounces@mit.edu

https://github.com/krb5/krb5/commit/2063e72ca296a55768c071fb70727ff4688c3496
commit 2063e72ca296a55768c071fb70727ff4688c3496
Author: Greg Hudson <ghudson@mit.edu>
Date:   Mon Jul 29 12:34:10 2024 -0400

    Restore test coverage for old session key types
    
    Commit 1b57a4d134bbd0e7c52d5885a92eccc815726463 made the KDC stop
    issuing des3 and rc4 session keys by default.  To make the des3 and
    arcfour passes of the test suite work, it added aes256-sha1 to the
    permitted enctypes for those passes.  Negotiating AES session keys
    reduces coverage of pre-CFX GSSAPI code and other uses of the older
    enctypes.  Instead set the enable_des3 and enable_rc4 variables.

 src/util/k5test.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/util/k5test.py b/src/util/k5test.py
index f205f0ab3..f3e0045c2 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -1339,14 +1339,14 @@ _passes = [
 
     # Exercise the DES3 enctype.
     ('des3', None,
-     {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}},
+     {'libdefaults': {'permitted_enctypes': 'des3', 'allow_des3': 'true'}},
      {'realms': {'$realm': {
                     'supported_enctypes': 'des3-cbc-sha1:normal',
                     'master_key_type': 'des3-cbc-sha1'}}}),
 
     # Exercise the arcfour enctype.
     ('arcfour', None,
-     {'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}},
+     {'libdefaults': {'permitted_enctypes': 'rc4', 'allow_rc4': 'true'}},
      {'realms': {'$realm': {
                     'supported_enctypes': 'arcfour-hmac:normal',
                     'master_key_type': 'arcfour-hmac'}}}),
_______________________________________________
cvs-krb5 mailing list
cvs-krb5@mit.edu
https://mailman.mit.edu/mailman/listinfo/cvs-krb5
home help back first fref pref prev next nref lref last post