author | Andrew Bartlett <abartlet@samba.org> | 2011-04-06 09:12:15 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2011-04-06 05:24:48 +0200 |
commit | d84a8d534374072fc96fd5da34e0021c81005f1a (patch) | |
tree | b3ed60d281051387b209edd44b9a7ad709d48b09 | |
parent | 0415a5736e7e68f076fcf63dc16a7d33da4e569d (diff) | |
s3-selftest Add tests to show kerberos works across a password change
It is important that a machine account password change does not
invalidate existing tickets.
This is only for the default kerberos method with a password in
secrets.tdb. The keytab based methods are still not tested.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Apr 6 05:24:48 CEST 2011 on sn-devel-104
-rw-r--r-- | selftest/target/Samba3.pm | 18 | ||||
-rw-r--r-- | source3/selftest/ktest-krb5_ccache-2 (renamed from source3/selftest/ktest-krb5_ccache) | bin | 11966 -> 11966 bytes | |||
-rw-r--r-- | source3/selftest/ktest-krb5_ccache-3 | bin | 0 -> 6031 bytes | |||
-rw-r--r-- | source3/selftest/ktest-secrets.tdb | bin | 45056 -> 45056 bytes | |||
-rwxr-xr-x | source3/selftest/tests.py | 5 |
5 files changed, 18 insertions, 5 deletions
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 66f7a4403e..b6c851a49d 100644
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -298,19 +298,29 @@ $ret->{USERNAME} = KTEST\\Administrator
 # ticket_lifetime = 799718400
 # renew_lifetime = 799718400
 #
-# The commands run were:
+# The commands for the -2 keytab where were:
 # kinit administrator@KTEST.SAMBA.EXAMPLE.COM
 # kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM
 # kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM
 # kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
 # kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM
 #
-# This creates a credential cache with a very long lifetime (2036 at at 2011-04)
+# and then for the -3 keytab, I did
+#
+# net changetrustpw; kdestroy and the same again.
+#
+# This creates a credential cache with a very long lifetime (2036 at
+# at 2011-04), and shows that running 'net changetrustpw' does not
+# break existing logins (for the secrets.tdb method at least).
+#
 $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";
- system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache $prefix/krb5_ccache");
- chmod 0600, "$prefix/krb5_ccache";
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2");
+ chmod 0600, "$prefix/krb5_ccache-2";
+
+ system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3");
+ chmod 0600, "$prefix/krb5_ccache-3";
 $self->check_or_start($ret, ($ENV{SMBD_MAXTIME} or 2700),
diff --git a/source3/selftest/ktest-krb5_ccache b/source3/selftest/ktest-krb5_ccache-2
Binary files differ
index 15102226f3..15102226f3 100644
--- a/source3/selftest/ktest-krb5_ccache
+++ b/source3/selftest/ktest-krb5_ccache-2
diff --git a/source3/selftest/ktest-krb5_ccache-3 b/source3/selftest/ktest-krb5_ccache-3
Binary files differ
new file mode 100644
index 0000000000..a056beb355
--- /dev/null
+++ b/source3/selftest/ktest-krb5_ccache-3
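Review bot: `$ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache";` is left as unchanged context while both copies now land at `krb5_ccache-2` and `krb5_ccache-3`, so the exported variable appears to name a file this setup no longer creates; point it at one of the two caches, or drop it if nothing reads it (the consumers are not visible in this hunk). The two `system("cp ...")` calls also ignore the exit status and interpolate `$self->{srcdir}` and `$prefix` into a shell string, so a failed copy only shows up later as an unrelated-looking Kerberos failure; the list form with a check, `system("cp", "$self->{srcdir}/source3/selftest/ktest-krb5_ccache-3", "$prefix/krb5_ccache-3") == 0 or die "cp ktest-krb5_ccache-3 failed: $?";`, avoids both. The new comment calls these fixtures "keytab" although they are credential caches, which matters here because the commit message says the keytab methods are untested. The enclosing sub starts and ends outside the hunk.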
diff --git a/source3/selftest/ktest-secrets.tdb b/source3/selftest/ktest-secrets.tdb
Binary files differ
index c09c315288..cf5c3d05dc 100644
--- a/source3/selftest/ktest-secrets.tdb
+++ b/source3/selftest/ktest-secrets.tdb
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 826b84fa3b..3fd44c52ca 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -219,7 +219,10 @@ if sub.returncode == 0:
 e = ""
 a = ""
 binding_string = "ncacn_np:$SERVER[%s%s%s%s]" % (a, s, z, e)
- options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache"
+ options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-2"
+ plansmbtorturetestsuite(test, "ktest", options, 'over kerberos with old ccache ncacn_np with [%s%s%s%s] ' % (a, s, z, e))
+
+ options = binding_string + " -k yes --krb5-ccache=$PREFIX/ktest/krb5_ccache-3"
 plansmbtorturetestsuite(test, "ktest", options, 'over kerberos ncacn_np with [%s%s%s%s] ' % (a, s, z, e)) |
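Review bot: Nothing at the two `options = ...` assignments records which cache holds tickets issued before the machine password change and which after; the suites differ only by the words "with old ccache" in the name. If the binary fixtures are regenerated later, the two caches can end up from the same password generation and the regression this commit guards would silently stop being tested. A comment above the first assignment would pin it down, e.g. `# krb5_ccache-2: tickets issued before 'net changetrustpw'; krb5_ccache-3: issued after it; both must be accepted`. As far as the fixture description in Samba3.pm shows, only a single password change is covered, so the same comment should say that only tickets from the immediately previous password are exercised. The enclosing `if sub.returncode == 0:` block and its loops start outside the hunk.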