Add AD-SIGNTICKET test for renewing tickets

Add another regression test for #8139 using renewed tickets.

diff --git a/src/tests/t_authdata.py b/src/tests/t_authdata.py
index 33525022ba84f8179c4302fa5b4f7be4920c9ada..a531cf81afb0aabfe61e648d9f1a1e473b9a91e6 100644 (file)
--- a/src/tests/t_authdata.py
+++ b/src/tests/t_authdata.py
@@ -88,6 +88,7 @@ realm, realm2 = cross_realms(2, args=({'realm': 'LOCAL'},
 realm.run([kadminl, 'modprinc', '+requires_preauth', '-maxrenewlife', '2 days',
            realm.user_princ])
 realm.run([kadminl, 'modprinc', '-maxrenewlife', '2 days', realm.host_princ])
+realm.run([kadminl, 'modprinc', '-maxrenewlife', '2 days', realm.krbtgt_princ])
 realm.extract_keytab(realm.krbtgt_princ, realm.keytab)
 realm.extract_keytab(realm.host_princ, realm.keytab)
 realm.extract_keytab('krbtgt/FOREIGN', realm.keytab)
@@ -178,6 +179,13 @@ realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'des3-cbc-sha1',
 realm.run(['./forward'])
 realm.run([kvno, realm.host_princ])
 
+# Repeat the above test using a renewed TGT.
+realm.kinit(realm.user_princ, password('user'), ['-r', '2d'])
+realm.run([kadminl, 'cpw', '-randkey', '-keepold', '-e', 'aes128-cts',
+           realm.krbtgt_princ])
+realm.kinit(realm.user_princ, None, ['-R'])
+realm.run([kvno, realm.host_princ])
+
 realm.stop()
 realm2.stop()