ITS#10084 Switch MECH default away from DIGEST-MD5

diff --git a/tests/scripts/conf.sh b/tests/scripts/conf.sh
index 837abfd082a5abf8bc3b374bdaf395ee955e8383..bcd9a4a6512b9cba2cd9e3c21252e4dfbc90e705 100755 (executable)
--- a/tests/scripts/conf.sh
+++ b/tests/scripts/conf.sh
@@ -15,7 +15,7 @@
 if [ x"$WITH_SASL" = x"yes" -a x"$USE_SASL" != x"no" ] ; then
        SASL="sasl"
        if [ x"$USE_SASL" = x"yes" ] ; then
-               USE_SASL=DIGEST-MD5
+               USE_SASL=SCRAM-SHA-256
        fi
        SASL_MECH="\"saslmech=$USE_SASL\""
 else

diff --git a/tests/scripts/lloadd/test006-sasl b/tests/scripts/lloadd/test006-sasl
index c332eb061ca337a68819e518e4f5299944274a9f..bc101b7d45445de0a309803f8b42408764ad997b 100755 (executable)
--- a/tests/scripts/lloadd/test006-sasl
+++ b/tests/scripts/lloadd/test006-sasl
@@ -22,7 +22,7 @@ if test $WITH_SASL = "yes" ; then
         exit 0
     fi
     if test $USE_SASL = "yes" ; then
-        MECH="DIGEST-MD5"
+        MECH="SCRAM-SHA-256"
     else
         MECH="$USE_SASL"
     fi

diff --git a/tests/scripts/test028-idassert b/tests/scripts/test028-idassert
index d0dddfa5254391940e05d00ac8ca5d3e393d6d45..92ecb3e8e13fd1d0ef978444dc03d31249a822b7 100755 (executable)
--- a/tests/scripts/test028-idassert
+++ b/tests/scripts/test028-idassert
@@ -20,7 +20,7 @@ echo "### This test requires the LDAP backend and the rwm overlay."
 echo "### If available, and explicitly requested, it can use SASL bind;"
 echo "### note that SASL must be properly set up, and the requested"
 echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
-echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+echo "### with \"yes\" defaulting to SCRAM-SHA-256 to enable SASL authc[/authz]."
 
 if test $BACKLDAP = "ldapno" ; then 
        echo "LDAP backend not available, test skipped"
@@ -35,7 +35,7 @@ fi
 if test $WITH_SASL = "yes" ; then
        if test $USE_SASL != "no" ; then
                if test $USE_SASL = "yes" ; then
-                       MECH="DIGEST-MD5"
+                       MECH="SCRAM-SHA-256"
                else
                        MECH="$USE_SASL"
                fi

diff --git a/tests/scripts/test029-ldapglue b/tests/scripts/test029-ldapglue
index 0bb5dc2ca8bc862c16fe5f78da1e123b6e6d6dfe..89f3379d0a0e54f071ec8b1ce4c52ccd786e7fe8 100755 (executable)
--- a/tests/scripts/test029-ldapglue
+++ b/tests/scripts/test029-ldapglue
@@ -20,7 +20,7 @@ echo "### This test requires the ldap backend and glue overlay."
 echo "### If available, and explicitly requested, it can use SASL bind;"
 echo "### note that SASL must be properly set up, and the requested"
 echo "### mechanism must be available.  Define SLAPD_USE_SASL={yes|<mech>},"
-echo "### with \"yes\" defaulting to DIGEST-MD5 to enable SASL authc[/authz]."
+echo "### with \"yes\" defaulting to SCRAM-SHA-256 to enable SASL authc[/authz]."
 
 if test $BACKLDAP = "ldapno" ; then 
        echo "LDAP backend not available, test skipped"
@@ -30,7 +30,7 @@ fi
 if test $WITH_SASL = "yes" ; then
        if test $USE_SASL != "no" ; then
                if test $USE_SASL = "yes" ; then
-                       MECH="DIGEST-MD5"
+                       MECH="SCRAM-SHA-256"
                else
                        MECH="$USE_SASL"
                fi

diff --git a/tests/scripts/test076-authid-rewrite b/tests/scripts/test076-authid-rewrite
index a8d8c7a7a1669a4a91df50fb0867f4ab7ae39cc7..b16cbba220cfe72d17d0341edacb4548bd0f8070 100755 (executable)
--- a/tests/scripts/test076-authid-rewrite
+++ b/tests/scripts/test076-authid-rewrite
@@ -21,8 +21,15 @@ if test $WITH_SASL = no; then
        exit 0
 fi
 
+case "$USE_SASL" in
+       ""|no|yes)
+               MECH="SCRAM-SHA-256";;
+       *)
+               MECH="$USE_SASL"
+esac
+echo "Using SASL authc[/authz] with mech=$MECH"
+
 CONFDIR=$TESTDIR/slapd.d
-MECH=DIGEST-MD5
 
 mkdir -p $TESTDIR $CONFDIR $DBDIR1