From 2bff209128b85bd870ad36fa00ffcc92edbbab08 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Tue, 29 Nov 2011 12:47:40 +1100
Subject: s4-samba-tool: Add --principal argument to samba-tool domain
 exportkeytab
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This allows only a particular principal to be exported to the keytab.
This is useful when setting up unix servers in a Samba controlled
domain.

Based on a request by Gémes Géza <geza@kzsdabas.hu>

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Nov 29 09:20:55 CET 2011 on sn-devel-104
---
 testprogs/blackbox/test_export_keytab.sh | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

(limited to 'testprogs')

diff --git a/testprogs/blackbox/test_export_keytab.sh b/testprogs/blackbox/test_export_keytab.sh
index 7c637042d4..a2debfef1c 100755
--- a/testprogs/blackbox/test_export_keytab.sh
+++ b/testprogs/blackbox/test_export_keytab.sh
@@ -49,6 +49,12 @@ testit "create user locally" $VALGRIND $newuser nettestuser $USERPASS $@ || fail
 testit "dump keytab from domain" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab $@ || failed=`expr $failed + 1`
 testit "dump keytab from domain (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab $@ || failed=`expr $failed + 1`
 
+testit "dump keytab from domain for cifs principal" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-server --principal=cifs/$SERVER $@ || failed=`expr $failed + 1`
+testit "dump keytab from domain for cifs principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-server --principal=cifs/$SERVER $@ || failed=`expr $failed + 1`
+
+testit "dump keytab from domain for user principal" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-2 --principal=nettestuser $@ || failed=`expr $failed + 1`
+testit "dump keytab from domain for user principal (2nd time)" $VALGRIND $samba_tool domain exportkeytab $PREFIX/tmpkeytab-2 --principal=nettestuser@$REALM $@ || failed=`expr $failed + 1`
+
 KRB5CCNAME="$PREFIX/tmpuserccache"
 export KRB5CCNAME
 
@@ -56,6 +62,10 @@ testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpke
 
 test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
 
+testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab-2 --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
+
+test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' -k yes || failed=`expr $failed + 1`
+
 KRB5CCNAME="$PREFIX/tmpadminccache"
 export KRB5CCNAME
 
@@ -63,5 +73,5 @@ testit "kinit with keytab as $USERNAME" $VALGRIND $samba4kinit --keytab=$PREFIX/
 
 testit "del user" $VALGRIND $samba_tool user delete nettestuser -k yes $@ || failed=`expr $failed + 1`
 
-rm -f $PREFIX/tmpadminccache $PREFIX/tmpuserccache $PREFIX/tmpkeytab
+rm -f $PREFIX/tmpadminccache $PREFIX/tmpuserccache $PREFIX/tmpkeytab $PREFIX/tmpkeytab-2 $PREFIX/tmpkeytab-server
 exit $failed
-- 
cgit