diff options
author | Cy Schubert <cy@FreeBSD.org> | 2018-04-03 19:36:00 +0000 |
---|---|---|
committer | Cy Schubert <cy@FreeBSD.org> | 2018-04-03 19:36:00 +0000 |
commit | b0e4d68d5124581ae353493d69bea352de4cff8a (patch) | |
tree | 43300ec43e83eccd367fd76fdfdefba2dcd7d8f4 /src/tests/gssapi/t_authind.py | |
parent | 33a9b234e7087f573ef08cd7318c6497ba08b439 (diff) |
Notes
Diffstat (limited to 'src/tests/gssapi/t_authind.py')
-rw-r--r-- | src/tests/gssapi/t_authind.py | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/src/tests/gssapi/t_authind.py b/src/tests/gssapi/t_authind.py index 316bc4093801..84793beb623f 100644 --- a/src/tests/gssapi/t_authind.py +++ b/src/tests/gssapi/t_authind.py @@ -24,9 +24,8 @@ if ('Attribute auth-indicators Authenticated Complete') not in out: if '73757065727374726f6e67' not in out: fail('Expected auth indicator not seen in name attributes') -out = realm.run(['./t_srcattrs', 'p:service/2'], expected_code=1) -if 'gss_init_sec_context: KDC policy rejects request' not in out: - fail('Expected error message not seen for indicator mismatch') +msg = 'gss_init_sec_context: KDC policy rejects request' +realm.run(['./t_srcattrs', 'p:service/2'], expected_code=1, expected_msg=msg) realm.kinit(realm.user_princ, password('user'), ['-X', 'indicators=one two']) out = realm.run(['./t_srcattrs', 'p:service/2']) @@ -35,4 +34,19 @@ if '6f6e65' not in out or '74776f' not in out: fail('Expected auth indicator not seen in name attributes') realm.stop() + +# Test the FAST encrypted challenge auth indicator. +kdcconf = {'realms': {'$realm': {'encrypted_challenge_indicator': 'fast'}}} +realm = K5Realm(kdc_conf=kdcconf) +realm.run([kadminl, 'modprinc', '+requires_preauth', realm.user_princ]) +realm.run([kadminl, 'xst', realm.host_princ]) +realm.kinit(realm.user_princ, password('user')) +realm.kinit(realm.user_princ, password('user'), ['-T', realm.ccache]) +out = realm.run(['./t_srcattrs', 'p:' + realm.host_princ]) +if ('Attribute auth-indicators Authenticated Complete') not in out: + fail('Expected attribute type not seen') +if '66617374' not in out: + fail('Expected auth indicator not seen in name attributes') + +realm.stop() success('GSSAPI auth indicator tests') |