diff options
author | Andrew Bartlett <abartlet@samba.org> | 2009-06-30 12:11:14 +1000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2009-06-30 12:11:14 +1000 |
commit | 89a074b784295204aa8d7dd585bf3533ac7971a7 (patch) | |
tree | 830e6fd5cf0e3924e8735abd4530f6eba3bf4b86 /testprogs | |
parent | 6ba0e7f7b21b7b7e57d92c1aa90331cb93964217 (diff) | |
download | samba-89a074b784295204aa8d7dd585bf3533ac7971a7.tar.gz samba-89a074b784295204aa8d7dd585bf3533ac7971a7.tar.bz2 samba-89a074b784295204aa8d7dd585bf3533ac7971a7.zip |
s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
Diffstat (limited to 'testprogs')
-rwxr-xr-x | testprogs/blackbox/test_kinit.sh | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/testprogs/blackbox/test_kinit.sh b/testprogs/blackbox/test_kinit.sh index 840002f51e..2349afae7e 100755 --- a/testprogs/blackbox/test_kinit.sh +++ b/testprogs/blackbox/test_kinit.sh @@ -51,6 +51,8 @@ export KRB5CCNAME echo $PASSWORD > ./tmppassfile #testit "kinit with keytab" $samba4kinit --keytab=$PREFIX/dc/private/secrets.keytab $SERVER\$@$REALM || failed=`expr $failed + 1` testit "kinit with password" $samba4kinit --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit with password (enterprise style)" $samba4kinit --enterprise --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit with password (windows style)" $samba4kinit --windows --password-file=./tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` testit "kinit with pkinit" $samba4kinit --request-pac --renewable --pk-user=FILE:$PREFIX/dc/private/tls/admincert.pem,$PREFIX/dc/private/tls/adminkey.pem $USERNAME@$REALM || failed=`expr $failed + 1` testit "kinit renew ticket" $samba4kinit --request-pac -R |