Testing FAST

Sam Hartman hartmans at MIT.EDU
Tue Apr 14 12:13:58 EDT 2009

I think that we want to add regression tests for FAST.

At least initially, I'd like to check the AS path.
I have not enabled the TGS client on the trunk yet, so it would be hard to test.
(I think I'd prefer not to do that in 1.7)

To test FAST, you need to:
* set the requires_preauth flag on some principal
* get a ticket to use as an armor ticket
* run kinit -T armor_ccahe principal

The easiest way to enable preauth is to set 
                default_principal_flags = +preauth
in kdc.conf

Doing so does significant change several aspects of the AS path.  It's
kind of not good that our current tests never seem to test preauth.

FAST is somewhat sensitive to enctype issues.  In particular, FAST
does not currently support DES, although that's relatively easy to
The code paths that are enctype specific are:
* PRF is used for the session key, long-term key and subsession key enctypes
* The mandatory checksum of the armor key is used at a number of points

It's been a long time since I've messed around inside the dejagnu
tests and I don't currently have either TCL or that code base swapped

More information about the krbdev mailing list