From: Greg Hudson <ghudson@mit.edu>
Date: Mon, 29 Jul 2024 16:34:10 +0000 (-0400)
Subject: Restore test coverage for old session key types
X-Git-Tag: krb5-1.22-beta1~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1361%2Fhead;p=thirdparty%2Fkrb5.git

Restore test coverage for old session key types

Commit 1b57a4d134bbd0e7c52d5885a92eccc815726463 made the KDC stop
issuing des3 and rc4 session keys by default.  To make the des3 and
arcfour passes of the test suite work, it added aes256-sha1 to the
permitted enctypes for those passes.  Negotiating AES session keys
reduces coverage of pre-CFX GSSAPI code and other uses of the older
enctypes.  Instead set the enable_des3 and enable_rc4 variables.
---

diff --git a/src/util/k5test.py b/src/util/k5test.py
index f205f0ab38..f3e0045c2e 100644
--- a/src/util/k5test.py
+++ b/src/util/k5test.py
@@ -1339,14 +1339,14 @@ _passes = [
 
     # Exercise the DES3 enctype.
     ('des3', None,
-     {'libdefaults': {'permitted_enctypes': 'des3 aes256-sha1'}},
+     {'libdefaults': {'permitted_enctypes': 'des3', 'allow_des3': 'true'}},
      {'realms': {'$realm': {
                     'supported_enctypes': 'des3-cbc-sha1:normal',
                     'master_key_type': 'des3-cbc-sha1'}}}),
 
     # Exercise the arcfour enctype.
     ('arcfour', None,
-     {'libdefaults': {'permitted_enctypes': 'rc4 aes256-sha1'}},
+     {'libdefaults': {'permitted_enctypes': 'rc4', 'allow_rc4': 'true'}},
      {'realms': {'$realm': {
                     'supported_enctypes': 'arcfour-hmac:normal',
                     'master_key_type': 'arcfour-hmac'}}}),