$(RUNPYTEST) $(srcdir)/t_dump.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_iprop.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_kprop.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_anonpkinit.py $(PYTESTFLAGS)
- $(RUNPYTEST) $(srcdir)/t_authpkinit.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_policy.py $(PYTESTFLAGS)
+ $(RUNPYTEST) $(srcdir)/t_pkinit.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_otp.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_localauth.py $(PYTESTFLAGS)
$(RUNPYTEST) $(srcdir)/t_kadm5_hook.py $(PYTESTFLAGS)
+++ /dev/null
-#!/usr/bin/python
-from k5test import *
-
-# Skip this test if pkinit wasn't built.
-if not os.path.exists(os.path.join(plugins, 'preauth', 'pkinit.so')):
- success('Warning: not testing pkinit because it is not built')
- exit(0)
-
-# Construct a krb5.conf fragment configuring pkinit.
-certs = os.path.join(srctop, 'tests', 'dejagnu', 'pkinit-certs')
-ca_pem = os.path.join(certs, 'ca.pem')
-kdc_pem = os.path.join(certs, 'kdc.pem')
-privkey_pem = os.path.join(certs, 'privkey.pem')
-pkinit_krb5_conf = {
- 'libdefaults': {
- 'pkinit_anchors': 'FILE:' + ca_pem},
- 'realms': {'$realm': {
- 'pkinit_anchors': 'FILE:%s' % ca_pem,
- 'pkinit_identity': 'FILE:%s,%s' % (kdc_pem, privkey_pem)}}}
-
-restrictive_kdc_conf = {
- 'realms': {'$realm' : {
- 'restrict_anonymous_to_tgt': 'true' }}}
-
-# In the basic test, anonymous is not restricted, so kvno should succeed.
-realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False)
-realm.addprinc('WELLKNOWN/ANONYMOUS')
-realm.kinit('@%s' % realm.realm, flags=['-n'])
-realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
-realm.run([kvno, realm.host_princ])
-realm.stop()
-
-# Now try again with anonymous restricted; kvno should fail.
-realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf,
- create_user=False)
-realm.addprinc('WELLKNOWN/ANONYMOUS')
-realm.kinit('@%s' % realm.realm, flags=['-n'])
-# now try FAST
-realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])
-realm.run([kvno, realm.host_princ], expected_code=1)
-
-success('Anonymous PKINIT')
realm.run([kvno, realm.host_princ])
realm.stop()
+restrictive_kdc_conf = {
+ 'realms': {'$realm' : {
+ 'restrict_anonymous_to_tgt': 'true' }}}
+
+# Test anonymous PKINIT.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, create_user=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+realm.klist('WELLKNOWN/ANONYMOUS@WELLKNOWN:ANONYMOUS')
+realm.run([kvno, realm.host_princ])
+realm.stop()
+
+# Now try again with anonymous restricted; kvno should fail.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=restrictive_kdc_conf,
+ create_user=False)
+realm.addprinc('WELLKNOWN/ANONYMOUS')
+realm.kinit('@%s' % realm.realm, flags=['-n'])
+# now try FAST
+realm.kinit('@%s' % realm.realm, flags=['-n', '-T', realm.ccache])
+realm.run([kvno, realm.host_princ], expected_code=1)
+realm.stop()
+
# Run the basic test - PKINIT with FILE: identity, with no password on the key.
realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
get_creds=False)
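Review bot: The restricted-anonymous case ends with `realm.run([kvno, realm.host_princ], expected_code=1)`, which pins only the exit status, so the test would still pass if kvno failed for an unrelated reason while `restrict_anonymous_to_tgt` was not being enforced at all. As far as the visible lines show, this is the only assertion that an anonymous TGT cannot be used to obtain a service ticket, so it should also check why the request failed: `out = realm.run([kvno, realm.host_princ], expected_code=1)` followed by `if '<expected KDC policy-rejection text>' not in out: fail('anonymous kvno failed for the wrong reason')`. A short comment above the two `kinit -n` calls would help too, stating that they are expected to succeed (presumably because only non-TGT requests are restricted) and that the second one re-acquires the anonymous TGT under FAST armor. `pkinit_krb5_conf` and the rest of the script are defined outside this hunk, so the note rests on the added lines alone.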