ITS#10084 Switch MECH default away from DIGEST-MD5

diff --git a/tests/scripts/conf.sh b/tests/scripts/conf.sh
index d166eba20e1808f34910454d8d9553392d372bf3..c3a61fd2ee9c942413ef223b3f126295f5e1e65b 100755 (executable)
--- a/tests/scripts/conf.sh
+++ b/tests/scripts/conf.sh
@@ -15,7 +15,7 @@
 if [ x"$WITH_SASL" = x"yes" -a x"$USE_SASL" != x"no" ] ; then
        SASL="sasl"
        if [ x"$USE_SASL" = x"yes" ] ; then
-               USE_SASL=DIGEST-MD5
+               USE_SASL=SCRAM-SHA-256
        fi
        SASL_MECH="\"saslmech=$USE_SASL\""
 else

diff --git a/tests/scripts/lloadd/test006-sasl b/tests/scripts/lloadd/test006-sasl
index a49dbbb58e733d77ce98c4aba1b56348639deda9..b7f5e90573a49b13b75cdb3d37f063614f574df3 100755 (executable)
--- a/tests/scripts/lloadd/test006-sasl
+++ b/tests/scripts/lloadd/test006-sasl
@@ -22,7 +22,7 @@ if test $WITH_SASL = "yes" ; then
         exit 0
     fi
     if test $USE_SASL = "yes" ; then
-        MECH="DIGEST-MD5"
+        MECH="SCRAM-SHA-256"
     else
         MECH="$USE_SASL"
     fi

diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert
index 76fb5c80ca4f6e0373135f84d76c0e6b331a226f..82954880308208beed22490106d936bfa9e59dd4 100755 (executable)
--- a/tests/scripts/test028-idassert
+++ b/tests/scripts/test028-idassert
@@ -20,7 +20,7 @@ echo "### This test requires the LDAP backend and the rwm overlay."
 echo "### If available, and explicitly requested, it can use SASL bind;"
 echo "### note that SASL must be properly set up, and the requested"
 echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
-echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+echo "### with \"yes\" defaulting to SCRAM-SHA-256 to enable SASL authc[/authz]."
 
 if test $BACKLDAP = "ldapno" ; then 
        echo "LDAP backend not available, test skipped"
@@ -35,7 +35,7 @@ fi
 if test $WITH_SASL = "yes" ; then
        if test $USE_SASL != "no" ; then
                if test $USE_SASL = "yes" ; then
-                       MECH="DIGEST-MD5"
+                       MECH="SCRAM-SHA-256"
                else
                        MECH="$USE_SASL"
                fi

diff --git a/tests/scripts/test029-ldapglue b/tests/scripts/test029-ldapglue
index 3cffc1120fd25513930387863e75c7b87023dfd8..0f98385b5b265fec0da0e80a3e0ad2f2ec1f9ea5 100755 (executable)
--- a/tests/scripts/test029-ldapglue
+++ b/tests/scripts/test029-ldapglue
@@ -20,7 +20,7 @@ echo "### This test requires the ldap backend and glue overlay."
 echo "### If available, and explicitly requested, it can use SASL bind;"
 echo "### note that SASL must be properly set up, and the requested"
 echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
-echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+echo "### with \"yes\" defaulting to SCRAM-SHA-256 to enable SASL authc[/authz]."
 
 if test $BACKLDAP = "ldapno" ; then 
        echo "LDAP backend not available, test skipped"
@@ -30,7 +30,7 @@ fi
 if test $WITH_SASL = "yes" ; then
        if test $USE_SASL != "no" ; then
                if test $USE_SASL = "yes" ; then
-                       MECH="DIGEST-MD5"
+                       MECH="SCRAM-SHA-256"
                else
                        MECH="$USE_SASL"
                fi

diff --git a/tests/scripts/test076-authid-rewrite b/tests/scripts/test076-authid-rewrite
index 383e4c3f59b4a104998b6ba61f0ae371d407b927..0c0fb79d4e7c82e27a384a6062ef398ed98b0382 100755 (executable)
--- a/tests/scripts/test076-authid-rewrite
+++ b/tests/scripts/test076-authid-rewrite
@@ -21,8 +21,15 @@ if test $WITH_SASL = no; then
        exit 0
 fi
 
+case "$USE_SASL" in
+       ""|no|yes)
+               MECH="SCRAM-SHA-256";;
+       *)
+               MECH="$USE_SASL"
+esac
+echo "Using SASL authc[/authz] with mech=$MECH"
+
 CONFDIR=$TESTDIR/slapd.d
-MECH=DIGEST-MD5
 
 mkdir -p $TESTDIR $CONFDIR $DBDIR1