From d84a8d534374072fc96fd5da34e0021c81005f1a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 6 Apr 2011 09:12:15 +1000 Subject: s3-selftest Add tests to show kerberos works across a password change It is important that a machine account password change does not invalidate existing tickets. This is only for the default kerberos method with a password in secrets.tdb. The keytab based methods are still not tested. Andrew Bartlett Autobuild-User: Andrew Bartlett Autobuild-Date: Wed Apr 6 05:24:48 CEST 2011 on sn-devel-104 --- selftest/target/Samba3.pm | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) (limited to 'selftest') diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index 66f7a4403e..b6c851a49d 100644 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -298,19 +298,29 @@ $ret->{USERNAME} = KTEST\\Administrator # ticket_lifetime = 799718400 # renew_lifetime = 799718400 # -# The commands run were: +# The commands for the -2 keytab where were: # kinit administrator@KTEST.SAMBA.EXAMPLE.COM # kvno host/localktest6@KTEST.SAMBA.EXAMPLE.COM # kvno cifs/localktest6@KTEST.SAMBA.EXAMPLE.COM # kvno host/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM # kvno cifs/LOCALKTEST6@KTEST.SAMBA.EXAMPLE.COM # -# This creates a credential cache with a very long lifetime (2036 at at 2011-04) +# and then for the -3 keytab, I did +# +# net changetrustpw; kdestroy and the same again. +# +# This creates a credential cache with a very long lifetime (2036 at +# at 2011-04), and shows that running 'net changetrustpw' does not +# break existing logins (for the secrets.tdb method at least). +# $ret->{KRB5_CCACHE}="FILE:$prefix/krb5_ccache"; - system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache $prefix/krb5_ccache"); - chmod 0600, "$prefix/krb5_ccache"; + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-2 $prefix/krb5_ccache-2"); + chmod 0600, "$prefix/krb5_ccache-2"; + + system("cp $self->{srcdir}/source3/selftest/ktest-krb5_ccache-3 $prefix/krb5_ccache-3"); + chmod 0600, "$prefix/krb5_ccache-3"; $self->check_or_start($ret, ($ENV{SMBD_MAXTIME} or 2700), -- cgit