diff options
author | Andrew Bartlett <abartlet@samba.org> | 2010-07-15 14:05:23 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2010-07-15 22:08:22 +1000 |
commit | 8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2 (patch) | |
tree | 4266ffd4b95907af846d900a911eefde3cdf7391 /testprogs/blackbox | |
parent | 299057d8d97cce349af2ff931396fae1f09493a5 (diff) | |
download | samba-8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2.tar.gz samba-8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2.tar.bz2 samba-8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2.zip |
s4:testprogs Show that we no longer delete the old keytab entries
By using a CCACHE obtained while the old password was still valid, we
can tell if the server still accepts incoming Kerberos connections
with the old password.
Andrew Bartlett
Diffstat (limited to 'testprogs/blackbox')
-rwxr-xr-x | testprogs/blackbox/test_chgdcpass.sh | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/testprogs/blackbox/test_chgdcpass.sh b/testprogs/blackbox/test_chgdcpass.sh index 24708adaa8..7b89e5dcdd 100755 --- a/testprogs/blackbox/test_chgdcpass.sh +++ b/testprogs/blackbox/test_chgdcpass.sh @@ -49,11 +49,13 @@ KRB5CCNAME="$PREFIX/tmpccache" export KRB5CCNAME rm -f $KRB5CCNAME testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1` -testit "change dc password" ./scripting/devel/chgtdcpass -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1` -test_smbclient "Test login with kerberos ccache after password change" 'ls' -k yes || failed=`expr $failed + 1` +#This is important because it puts the ticket for the old KVNO and password into a local ccache +test_smbclient "Test login with kerberos ccache before password change" 'ls' -k yes || failed=`expr $failed + 1` +testit "change dc password" ./scripting/devel/chgtdcpass -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1` -#This is important because it shows that the old password remains valid (as it must) for incoming connections after the DC password is changed +#This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed +test_smbclient "Test login with kerberos ccache after password change" 'ls' -k yes || failed=`expr $failed + 1` #This confirms that the DC password is valid for a kinit too testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1` |