krb5 commit: Restore test coverage for old session key types
ghudson at mit.edu
ghudson at mit.edu
Tue Jul 30 20:44:49 EDT 2024
https://github.com/krb5/krb5/commit/2063e72ca296a55768c071fb70727ff4688c3496
commit 2063e72ca296a55768c071fb70727ff4688c3496
Author: Greg Hudson <ghudson at mit.edu>
Date: Mon Jul 29 12:34:10 2024 -0400
Restore test coverage for old session key types
Commit 1b57a4d134bbd0e7c52d5885a92eccc815726463 made the KDC stop
issuing des3 and rc4 session keys by default. To make the des3 and
arcfour passes of the test suite work, it added aes256-sha1 to the
permitted enctypes for those passes. Negotiating AES session keys
reduces coverage of pre-CFX GSSAPI code and other uses of the older
enctypes. Instead set the enable_des3 and enable_rc4 variables.
src/util/k5test.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/k5test.py b/src/util/k5test.py
index f205f0ab3..f3e0045c2 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -1339,14 +1339,14 @@ _passes = [
# Exercise the DES3 enctype.
('des3', None,
- {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}},
+ {'libdefaults': {'permitted_enctypes': 'des3', 'allow_des3': 'true'}},
{'realms': {'$realm': {
'supported_enctypes': 'des3-cbc-sha1:normal',
'master_key_type': 'des3-cbc-sha1'}}}),
# Exercise the arcfour enctype.
('arcfour', None,
- {'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}},
+ {'libdefaults': {'permitted_enctypes': 'rc4', 'allow_rc4': 'true'}},
{'realms': {'$realm': {
'supported_enctypes': 'arcfour-hmac:normal',
'master_key_type': 'arcfour-hmac'}}}),
More information about the cvs-krb5
mailing list