summaryrefslogtreecommitdiff
path: root/testprogs/blackbox
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2010-07-15 14:05:23 +1000
committerAndrew Bartlett <abartlet@samba.org>2010-07-15 22:08:22 +1000
commit8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2 (patch)
tree4266ffd4b95907af846d900a911eefde3cdf7391 /testprogs/blackbox
parent299057d8d97cce349af2ff931396fae1f09493a5 (diff)
downloadsamba-8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2.tar.gz
samba-8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2.tar.bz2
samba-8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2.zip
s4:testprogs Show that we no longer delete the old keytab entries
By using a CCACHE obtained while the old password was still valid, we can tell if the server still accepts incoming Kerberos connections with the old password. Andrew Bartlett
Diffstat (limited to 'testprogs/blackbox')
-rwxr-xr-xtestprogs/blackbox/test_chgdcpass.sh8
1 files changed, 5 insertions, 3 deletions
diff --git a/testprogs/blackbox/test_chgdcpass.sh b/testprogs/blackbox/test_chgdcpass.sh
index 24708adaa8..7b89e5dcdd 100755
--- a/testprogs/blackbox/test_chgdcpass.sh
+++ b/testprogs/blackbox/test_chgdcpass.sh
@@ -49,11 +49,13 @@ KRB5CCNAME="$PREFIX/tmpccache"
export KRB5CCNAME
rm -f $KRB5CCNAME
testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1`
-testit "change dc password" ./scripting/devel/chgtdcpass -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache after password change" 'ls' -k yes || failed=`expr $failed + 1`
+#This is important because it puts the ticket for the old KVNO and password into a local ccache
+test_smbclient "Test login with kerberos ccache before password change" 'ls' -k yes || failed=`expr $failed + 1`
+testit "change dc password" ./scripting/devel/chgtdcpass -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
-#This is important because it shows that the old password remains valid (as it must) for incoming connections after the DC password is changed
+#This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed
+test_smbclient "Test login with kerberos ccache after password change" 'ls' -k yes || failed=`expr $failed + 1`
#This confirms that the DC password is valid for a kinit too
testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1`