[krbdev.mit.edu #7639] Transited realm checks sometimes fail for GSSAPI
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Sun May 19 01:50:22 EDT 2013
diff --git a/src/tests/gssapi/t_gssapi.py b/src/tests/gssapi/t_gssapi.py
index de778cc..51b5aa1 100755
--- a/src/tests/gssapi/t_gssapi.py
+++ b/src/tests/gssapi/t_gssapi.py
@@ -110,6 +110,19 @@ if 'host/-nomatch-' not in output:
realm.stop()
+# Make sure a GSSAPI acceptor can handle cross-realm tickets with a
+# transited field. (Regression test for #7639.)
+r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
+ args=[{'realm': 'A.X', 'create_user': True},
+ {'realm': 'X'},
+ {'realm': 'B.X', 'create_host': True}],
+ create_user=False, create_host=False)
+os.rename(r3.keytab, r1.keytab)
+r1.run(['./t_accname', 'p:' + r3.host_princ, 'h:host'])
+r1.stop()
+r2.stop()
+r3.stop()
+
### Test gss_inquire_cred behavior.
realm = K5Realm()
More information about the krb5-bugs
mailing list