From: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Wed, 17 Jul 2013 17:03:59 +0000 (-0400)
Subject: Test that password preauth works without PKINIT
X-Git-Tag: krb5-1.12-alpha1~85
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=83e503ed46352734721bff6e565d2b668d7af154;p=thirdparty%2Fkrb5.git

Test that password preauth works without PKINIT

Before we test authenticated PKINIT, slip in a test to check that
password-based preauthentication still works when the KDC is offering
PKINIT, but the client has no PKINIT credentials.
---

diff --git a/src/tests/t_authpkinit.py b/src/tests/t_authpkinit.py
index a7ca66ab2d..ec7be5004e 100644
--- a/src/tests/t_authpkinit.py
+++ b/src/tests/t_authpkinit.py
@@ -61,6 +61,18 @@ def setup_dir_identities(realm):
     shutil.copy(user_pem, os.path.join(path, 'user.crt'))
     shutil.copy(user_pem, os.path.join(path_enc, 'user.crt'))
 
+# Sanity check - password-based preauth should still work.
+realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
+                get_creds=False)
+realm.run(['./responder',
+           '-r', 'password=%s' % password('user'),
+           'user@%s' % realm.realm])
+realm.kinit('user@%s' % realm.realm,
+            password=password('user'))
+realm.klist('user@%s' % realm.realm)
+realm.run([kvno, realm.host_princ])
+realm.stop()
+
 # Run the basic test - PKINIT with FILE: identity, with no password on the key.
 realm = K5Realm(krb5_conf=pkinit_krb5_conf, kdc_conf=pkinit_kdc_conf,
                 get_creds=False)