From 8769e75a616a3f4b7cc1a2b5f7ea261262ad75d2 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Thu, 15 Jul 2010 14:05:23 +1000
Subject: s4:testprogs Show that we no longer delete the old keytab entries

By using a CCACHE obtained while the old password was still valid, we can tell if the server still accepts incoming Kerberos connections with the old password.
Andrew Bartlett
---
testprogs/blackbox/test_chgdcpass.sh | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'testprogs')
diff --git a/testprogs/blackbox/test_chgdcpass.sh b/testprogs/blackbox/test_chgdcpass.sh
index 24708adaa8..7b89e5dcdd 100755
--- a/testprogs/blackbox/test_chgdcpass.sh
+++ b/testprogs/blackbox/test_chgdcpass.sh
@@ -49,11 +49,13 @@ KRB5CCNAME="$PREFIX/tmpccache"
 export KRB5CCNAME
 rm -f $KRB5CCNAME
 testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1`
-testit "change dc password" ./scripting/devel/chgtdcpass -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache after password change" 'ls' -k yes || failed=`expr $failed + 1`
+#This is important because it puts the ticket for the old KVNO and password into a local ccache
+test_smbclient "Test login with kerberos ccache before password change" 'ls' -k yes || failed=`expr $failed + 1`
+testit "change dc password" ./scripting/devel/chgtdcpass -s $PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
-#This is important because it shows that the old password remains valid (as it must) for incoming connections after the DC password is changed
+#This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed
+test_smbclient "Test login with kerberos ccache after password change" 'ls' -k yes || failed=`expr $failed + 1`
 #This confirms that the DC password is valid for a kinit too
 testit "kinit with keytab" $samba4kinit $enctype -t $PROVDIR/private/secrets.keytab --use-keytab $USERNAME || failed=`expr $failed + 1`
-- cgit
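Review bot: The second `test_smbclient "Test login with kerberos ccache after password change"` run only demonstrates what its comment claims if smbclient reuses the service ticket cached by the run before `chgtdcpass`; nothing in the hunk checks that, so the test would presumably also pass if the client obtained a fresh ticket for the new KVNO. `test_smbclient` is defined outside the hunk, so whether it leaves `$KRB5CCNAME` untouched cannot be confirmed from here. I would state the dependency next to the test, e.g. `#Relies on the service ticket cached above being reused; no kinit may run between the two smbclient tests`, and consider asserting on the ccache contents before the second login. The comment could also say how long old keytab entries are expected to stay accepted, since retaining them keeps a leaked old machine key usable for incoming connections until they are pruned.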