krb5 commit: Test that password preauth works without PKINIT
Greg Hudson
ghudson at MIT.EDU
Thu Jul 18 00:59:06 EDT 2013
https://github.com/krb5/krb5/commit/83e503ed46352734721bff6e565d2b668d7af154
commit 83e503ed46352734721bff6e565d2b668d7af154
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Wed Jul 17 13:03:59 2013 -0400
Test that password preauth works without PKINIT
Before we test authenticated PKINIT, slip in a test to check that
password-based preauthentication still works when the KDC is offering
PKINIT, but the client has no PKINIT credentials.
src/tests/t_authpkinit.py | 12 ++++++++++++
1 files changed, 12 insertions(+), 0 deletions(-)
diff --git a/src/tests/t_authpkinit.py b/src/tests/t_authpkinit.py
index a7ca66a..ec7be50 100644
--- a/src/tests/t_authpkinit.py
+++ b/src/tests/t_authpkinit.py
@@ -61,6 +61,18 @@ def setup_dir_identities(realm):
shutil.copy(user_pem, os.path.join(path, 'user.crt'))
shutil.copy(user_pem, os.path.join(path_enc, 'user.crt'))
+# Sanity check - password-based preauth should still work.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
+ get_creds=False)
+realm.run(['./responder',
+ '-r', 'password=%s' % password('user'),
+ 'user@%s' % realm.realm])
+realm.kinit('user@%s' % realm.realm,
+ password=password('user'))
+realm.klist('user@%s' % realm.realm)
+realm.run([kvno, realm.host_princ])
+realm.stop()
+
# Run the basic test - PKINIT with FILE: identity, with no password on the key.
realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
get_creds=False)
More information about the cvs-krb5
mailing list