hartmans at MIT.EDU
Tue Apr 14 12:13:58 EDT 2009
I think that we want to add regression tests for FAST.
At least initially, I'd like to check the AS path.
I have not enabled the TGS client on the trunk yet, so it would be hard to test.
(I think I'd prefer not to do that in 1.7)
To test FAST, you need to:
* set the requires_preauth flag on some principal
* get a ticket to use as an armor ticket
* run kinit -T armor_ccahe principal
The easiest way to enable preauth is to set
default_principal_flags = +preauth
Doing so does significant change several aspects of the AS path. It's
kind of not good that our current tests never seem to test preauth.
FAST is somewhat sensitive to enctype issues. In particular, FAST
does not currently support DES, although that's relatively easy to
The code paths that are enctype specific are:
* PRF is used for the session key, long-term key and subsession key enctypes
* The mandatory checksum of the armor key is used at a number of points
It's been a long time since I've messed around inside the dejagnu
tests and I don't currently have either TCL or that code base swapped
More information about the krbdev