tests: Use kadmin w/ here-document to speed up tests
This commit is contained in:
Nicolas Williams
@@ -58,26 +58,21 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
modify --alias=foo-alias1@${R} --alias=foo-alias2@${R} foo@${R}
|
||||
add -p foo --use-defaults bar@${R}
|
||||
add_alias bar@${R} bar-alias1@${R} bar-alias2@${R}
|
||||
add_alias bar@${R} bar-alias4@${R} bar-alias3@${R}
|
||||
EOF
|
||||
|
||||
echo "Adding foo"
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} modify --alias=foo-alias1@${R} --alias=foo-alias2@${R} foo@${R} || exit 1
|
||||
|
||||
echo "Adding bar"
|
||||
${kadmin} add -p foo --use-defaults bar@${R} || exit 1
|
||||
${kadmin} add_alias bar@${R} bar-alias1@${R} bar-alias2@${R} || exit 1
|
||||
${kadmin} add_alias bar@${R} bar-alias4@${R} bar-alias3@${R} || exit 1
|
||||
${kadmin} get -o principal bar@${R} | grep "Principal:.bar@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o principal bar-alias1@${R} | grep "Principal:.bar@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias1@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias2@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias3@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias4@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o principal bar@${R} | grep "Principal:.bar@${R}" >/dev/null
|
||||
${kadmin} get -o principal bar-alias1@${R} | grep "Principal:.bar@${R}" >/dev/null
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias1@${R}" >/dev/null
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias2@${R}" >/dev/null
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias3@${R}" >/dev/null
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias4@${R}" >/dev/null
|
||||
|
||||
echo "Baz does not exists"
|
||||
|
||||
@@ -98,9 +93,11 @@ ${kadmin} delete bar-alias1${R} 2>/dev/null && exit 1
|
||||
${kadmin} delete baz-alias1${R} 2>/dev/null && exit 1
|
||||
|
||||
echo "Delete aliases with del_alias (must succeed)"
|
||||
${kadmin} del_alias bar-alias2@${R} bar-alias3@${R} bar-alias4@${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
del_alias bar-alias2@${R} bar-alias3@${R} bar-alias4@${R}
|
||||
EOF
|
||||
${kadmin} get -o principal bar@${R} | grep "Principal:.bar@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias1@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias1@${R}" >/dev/null|| exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias2@${R}" >/dev/null && exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias3@${R}" >/dev/null && exit 1
|
||||
${kadmin} get -o aliases bar@${R} | grep "Aliases:.*bar-alias4@${R}" >/dev/null && exit 1
|
||||
@@ -111,9 +108,11 @@ ${kadmin} delete bar@${R} 2>/dev/null && exit 1
|
||||
${kadmin} delete baz@${R} 2>/dev/null && exit 1
|
||||
|
||||
echo "Add alias to deleted name"
|
||||
${kadmin} modify --alias=bar-alias1@${R} foo@${R} || exit 1
|
||||
${kadmin} modify --alias=bar@${R} foo@${R} || exit 1
|
||||
${kadmin} modify --alias=bar@${R} --alias=baz@${R} foo@${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
modify --alias=bar-alias1@${R} foo@${R}
|
||||
modify --alias=bar@${R} foo@${R}
|
||||
modify --alias=bar@${R} --alias=baz@${R} foo@${R}
|
||||
EOF
|
||||
${kadmin} get -o principal foo@${R} | grep "Principal:.foo@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o principal bar@${R} | grep "Principal:.foo@${R}" >/dev/null || exit 1
|
||||
${kadmin} get -o principal baz@${R} | grep "Principal:.foo@${R}" >/dev/null || exit 1
|
||||
@@ -124,9 +123,11 @@ ${kadmin} get bar-alias1@${R} 2>/dev/null && exit 1
|
||||
|
||||
echo "Rename over self alias key"
|
||||
${kadmin} rename foo@${R} foo-alias1@${R} 2>/dev/null && exit 1
|
||||
${kadmin} modify --alias= foo@${R} || exit 1
|
||||
${kadmin} rename foo@${R} foo-alias1@${R} || exit 1
|
||||
${kadmin} modify --alias=foo foo-alias1@${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
modify --alias= foo@${R}
|
||||
rename foo@${R} foo-alias1@${R}
|
||||
modify --alias=foo foo-alias1@${R}
|
||||
EOF
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
|
||||
@@ -76,22 +76,17 @@ rm -f mkey.file*
|
||||
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
echo upw > ${objdir}/foopassword
|
||||
|
||||
${kadmin} add -p upw --use-defaults user@${R} || exit 1
|
||||
${kadmin} add -p upw --use-defaults another@${R} || exit 1
|
||||
${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
echo Creating database
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p upw --use-defaults user@${R}
|
||||
add -p upw --use-defaults another@${R}
|
||||
add -p p1 --use-defaults host/host.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/host.test.h5l.se@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo Starting kdc
|
||||
${kdc} --detach --testing || { echo "kdc failed to start"; cat messages.log; exit 1; }
|
||||
|
||||
@@ -76,41 +76,33 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
# add both lucid and lucid.test.h5l.se to simulate aliases
|
||||
${kadmin} add -p p1 --use-defaults host/lucid.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
|
||||
|
||||
${kadmin} add -p p1 --use-defaults host/ok-delegate.test.h5l.se@${R} || exit 1
|
||||
${kadmin} mod --attributes=+ok-as-delegate host/ok-delegate.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/ok-delegate.test.h5l.se@${R} || exit 1
|
||||
|
||||
|
||||
${kadmin} add -p p1 --use-defaults host/short@${R} || exit 1
|
||||
${kadmin} mod --alias=host/long.test.h5l.se@${R} host/short@${R} || exit 1
|
||||
# XXX ext should ext aliases too
|
||||
${kadmin} ext -k ${keytab} host/short@${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p p1 --use-defaults host/lucid.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/lucid.test.h5l.se@${R}
|
||||
add -p p1 --use-defaults host/ok-delegate.test.h5l.se@${R}
|
||||
mod --attributes=+ok-as-delegate host/ok-delegate.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/ok-delegate.test.h5l.se@${R}
|
||||
add -p p1 --use-defaults host/short@${R}
|
||||
mod --alias=host/long.test.h5l.se@${R} host/short@${R}
|
||||
ext -k ${keytab} host/short@${R}
|
||||
EOF
|
||||
${ktutil} -k ${keytab} rename --no-delete host/short@${R} host/long.test.h5l.se@${R} || exit 1
|
||||
|
||||
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
|
||||
|
||||
${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
|
||||
${kadmin} mod --alias=user1.alias user1@${R} || exit 1
|
||||
|
||||
# Create a server principal with no AES
|
||||
${kadmin} add -p p1 --use-defaults host/no-aes.test.h5l.se@${R} || exit 1
|
||||
${kadmin} get host/no-aes.test.h5l.se@${R} > tempfile || exit 1
|
||||
${kadmin} del_enctype host/no-aes.test.h5l.se@${R} \
|
||||
aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96 || exit 1
|
||||
${kadmin} ext -k ${keytab} host/no-aes.test.h5l.se@${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
add -p kaka --use-defaults digest/${R}@${R}
|
||||
add -p u1 --use-defaults user1@${R}
|
||||
mod --alias=user1.alias user1@${R}
|
||||
add -p p1 --use-defaults host/no-aes.test.h5l.se@${R}
|
||||
del_enctype host/no-aes.test.h5l.se@${R} aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96
|
||||
ext -k ${keytab} host/no-aes.test.h5l.se@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} get host/no-aes.test.h5l.se@${R} > tempfile || exit 1
|
||||
|
||||
echo u1 > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -70,27 +70,16 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
# Test virtual principals, why not
|
||||
${kadmin} add_ns --key-rotation-epoch=now \
|
||||
--key-rotation-period=15m \
|
||||
--max-ticket-life=10d \
|
||||
--max-renewable-life=20d \
|
||||
--attributes= \
|
||||
"_/test.h5l.se@${R}" || exit 1
|
||||
${kadmin} ext -k ${keytab} host/n1.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/n2.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/n3.test.h5l.se@${R} || exit 1
|
||||
|
||||
${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add_ns --key-rotation-epoch=now --key-rotation-period=15m --max-ticket-life=10d --max-renewable-life=20d --attributes= "_/test.h5l.se@${R}"
|
||||
ext -k ${keytab} host/n1.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/n2.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/n3.test.h5l.se@${R}
|
||||
add -p u1 --use-defaults user1@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
kdcpid=
|
||||
n1pid=
|
||||
|
||||
@@ -77,21 +77,15 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
echo upw > ${objdir}/foopassword
|
||||
|
||||
${kadmin} add -p upw --use-defaults user@${R} || exit 1
|
||||
${kadmin} add -p upw --use-defaults another@${R} || exit 1
|
||||
${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p upw --use-defaults user@${R}
|
||||
add -p upw --use-defaults another@${R}
|
||||
add -p p1 --use-defaults host/host.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/host.test.h5l.se@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo Starting kdc
|
||||
${kdc} --detach --testing || { echo "kdc failed to start"; cat messages.log; exit 1; }
|
||||
|
||||
@@ -84,24 +84,16 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
|
||||
|
||||
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
|
||||
|
||||
${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
|
||||
${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1
|
||||
|
||||
${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p p1 --use-defaults host/host.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/host.test.h5l.se@${R}
|
||||
add -p kaka --use-defaults digest/${R}@${R}
|
||||
add -p ds --use-defaults digestserver@${R}
|
||||
modify --attributes=+allow-digest digestserver@${R}
|
||||
add -p u1 --use-defaults user1@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo u1 > ${objdir}/foopassword
|
||||
echo ds > ${objdir}/barpassword
|
||||
|
||||
@@ -83,24 +83,16 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p p1 --use-defaults host/host.test.h5l.se@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/host.test.h5l.se@${R} || exit 1
|
||||
|
||||
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
|
||||
|
||||
${kadmin} add -p ds --use-defaults digestserver@${R} || exit 1
|
||||
${kadmin} modify --attributes=+allow-digest digestserver@${R} || exit 1
|
||||
|
||||
${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p p1 --use-defaults host/host.test.h5l.se@${R}
|
||||
ext -k ${keytab} host/host.test.h5l.se@${R}
|
||||
add -p kaka --use-defaults digest/${R}@${R}
|
||||
add -p ds --use-defaults digestserver@${R}
|
||||
modify --attributes=+allow-digest digestserver@${R}
|
||||
add -p u1 --use-defaults user1@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo u1 > ${objdir}/foopassword
|
||||
echo ds > ${objdir}/barpassword
|
||||
|
||||
@@ -68,33 +68,29 @@ rm -f mkey.file*
|
||||
echo "Creating database"
|
||||
initflags="init --realm-max-ticket-life=1day --realm-max-renewable-life=1month"
|
||||
|
||||
${kadmin} ${initflags} ${R1} || exit 1
|
||||
${kadmin} ${initflags} ${R2} || exit 1
|
||||
${kadmin} ${initflags} ${R3} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${R1} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R1}@${R2} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R1} || exit 1
|
||||
${kadmin} add -p cross3 --use-defaults krbtgt/${R3}@${R1} || exit 1
|
||||
${kadmin} add -p cross4 --use-defaults krbtgt/${R1}@${R3} || exit 1
|
||||
${kadmin} add -p cross5 --use-defaults krbtgt/${R3}@${R2} || exit 1
|
||||
${kadmin} add -p cross6 --use-defaults krbtgt/${R2}@${R3} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults host/t1@${R1} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/t2@${R2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/t3@${R3} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/t11.test1.h5l.se@${R1} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/t12.test1.h5l.se@${R2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/t22.test2.h5l.se@${R2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/t23.test2.h5l.se@${R3} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/t33.test3.h5l.se@${R3} || exit 1
|
||||
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R1} || exit 1
|
||||
${kadmin} check ${R2} || exit 1
|
||||
${kadmin} check ${R3} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
${initflags} ${R1}
|
||||
${initflags} ${R2}
|
||||
${initflags} ${R3}
|
||||
add -p foo --use-defaults foo@${R1}
|
||||
add -p cross1 --use-defaults krbtgt/${R1}@${R2}
|
||||
add -p cross2 --use-defaults krbtgt/${R2}@${R1}
|
||||
add -p cross3 --use-defaults krbtgt/${R3}@${R1}
|
||||
add -p cross4 --use-defaults krbtgt/${R1}@${R3}
|
||||
add -p cross5 --use-defaults krbtgt/${R3}@${R2}
|
||||
add -p cross6 --use-defaults krbtgt/${R2}@${R3}
|
||||
add -p foo --use-defaults host/t1@${R1}
|
||||
add -p foo --use-defaults host/t2@${R2}
|
||||
add -p foo --use-defaults host/t3@${R3}
|
||||
add -p foo --use-defaults host/t11.test1.h5l.se@${R1}
|
||||
add -p foo --use-defaults host/t12.test1.h5l.se@${R2}
|
||||
add -p foo --use-defaults host/t22.test2.h5l.se@${R2}
|
||||
add -p foo --use-defaults host/t23.test2.h5l.se@${R3}
|
||||
add -p foo --use-defaults host/t33.test3.h5l.se@${R3}
|
||||
check ${R1}
|
||||
check ${R2}
|
||||
check ${R3}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -69,19 +69,14 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults bar@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add -p foo --use-defaults bar@${R}
|
||||
add -p kaka --use-defaults ${server}@${R}
|
||||
ext -k ${keytab} ${server}@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -72,32 +72,27 @@ rm -f mkey.file*
|
||||
echo Creating database
|
||||
initflags="init --realm-max-ticket-life=1day --realm-max-renewable-life=1month"
|
||||
|
||||
${kadmin} ${initflags} ${R} || exit 1
|
||||
${kadmin} ${initflags} ${R2} || exit 1
|
||||
${kadmin} ${initflags} ${R3} || exit 1
|
||||
${kadmin} ${initflags} ${R4} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R3}@${R2} || exit 1
|
||||
${kadmin} add -p cross3 --use-defaults krbtgt/${R4}@${R3} || exit 1
|
||||
|
||||
${kadmin} modify --attributes=+ok-as-delegate krbtgt/${R2}@${R} || exit 1
|
||||
${kadmin} modify --attributes=+ok-as-delegate krbtgt/${R3}@${R2} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults host/server.test3.h5l.se@${R3} || exit 1
|
||||
${kadmin} modify --attributes=+ok-as-delegate host/server.test3.h5l.se@${R3} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/noserver.test3.h5l.se@${R3} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults host/server.test4.h5l.se@${R4} || exit 1
|
||||
${kadmin} modify --attributes=+ok-as-delegate host/server.test4.h5l.se@${R4} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} check ${R2} || exit 1
|
||||
${kadmin} check ${R3} || exit 1
|
||||
${kadmin} check ${R4} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
${initflags} ${R}
|
||||
${initflags} ${R2}
|
||||
${initflags} ${R3}
|
||||
${initflags} ${R4}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add -p cross1 --use-defaults krbtgt/${R2}@${R}
|
||||
add -p cross2 --use-defaults krbtgt/${R3}@${R2}
|
||||
add -p cross3 --use-defaults krbtgt/${R4}@${R3}
|
||||
modify --attributes=+ok-as-delegate krbtgt/${R2}@${R}
|
||||
modify --attributes=+ok-as-delegate krbtgt/${R3}@${R2}
|
||||
add -p foo --use-defaults host/server.test3.h5l.se@${R3}
|
||||
modify --attributes=+ok-as-delegate host/server.test3.h5l.se@${R3}
|
||||
add -p foo --use-defaults host/noserver.test3.h5l.se@${R3}
|
||||
add -p foo --use-defaults host/server.test4.h5l.se@${R4}
|
||||
modify --attributes=+ok-as-delegate host/server.test4.h5l.se@${R4}
|
||||
check ${R}
|
||||
check ${R2}
|
||||
check ${R3}
|
||||
check ${R4}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -70,28 +70,17 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R2} || exit 1
|
||||
|
||||
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${afsserver}@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${hostserver}@${R} || exit 1
|
||||
${kadmin} add_enctype -r ${afsserver}@${R} des-cbc-crc || exit 1
|
||||
${kadmin} add_enctype -r ${hostserver}@${R} des-cbc-crc || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R2}
|
||||
cpw -r krbtgt/${R}@${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add -p kaka --use-defaults ${afsserver}@${R}
|
||||
add -p kaka --use-defaults ${hostserver}@${R}
|
||||
add_enctype -r ${afsserver}@${R} des-cbc-crc
|
||||
add_enctype -r ${hostserver}@${R} des-cbc-crc
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -76,20 +76,15 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p $userpassword --use-defaults ${username}@${R} || exit 1
|
||||
${kadmin} add -p $password --use-defaults ${server}@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
|
||||
${kadmin} modify --attributes=+allow-digest ${server}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p $userpassword --use-defaults ${username}@${R}
|
||||
add -p $password --use-defaults ${server}@${R}
|
||||
add -p kaka --use-defaults digest/${R}@${R}
|
||||
modify --attributes=+allow-digest ${server}@${R}
|
||||
ext -k ${keytab} ${server}@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo $password > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -71,17 +71,12 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults ${server}@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add -p foo --use-defaults ${server}@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
echo bar > ${objdir}/barpassword
|
||||
|
||||
@@ -225,18 +225,14 @@ rm -f messages.log messages.log
|
||||
> messages.log2
|
||||
|
||||
echo Creating database
|
||||
${kadmin} -l \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} -l add -p foo --use-defaults user@${R} || exit 1
|
||||
|
||||
${kadmin} -l add --random-key --use-defaults iprop/localhost@${R} || exit 1
|
||||
${kadmin} -l ext -k ${keytab} iprop/localhost@${R} || exit 1
|
||||
${kadmin} -l add --random-key --use-defaults iprop/slave.test.h5l.se@${R} || exit 1
|
||||
${kadmin} -l ext -k ${keytab} iprop/slave.test.h5l.se@${R} || exit 1
|
||||
${kadmin} -l <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults user@${R}
|
||||
add --random-key --use-defaults iprop/localhost@${R}
|
||||
ext -k ${keytab} iprop/localhost@${R}
|
||||
add --random-key --use-defaults iprop/slave.test.h5l.se@${R}
|
||||
ext -k ${keytab} iprop/slave.test.h5l.se@${R}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -73,26 +73,23 @@ rm -f messages.log
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} -l \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults foo/admin@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults bar@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults baz@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults bez@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults fez@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults hasalias@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults pkinit@${R} || exit 1
|
||||
${kadmin} -l modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" pkinit@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults prune@${R} || exit 1
|
||||
${kadmin} -l cpw --keepold --random-key prune@${R} || exit 1
|
||||
${kadmin} -l cpw --keepold --random-key prune@${R} || exit 1
|
||||
${kadmin} -l add -p "$foopassword" --use-defaults pruneall@${R} || exit 1
|
||||
${kadmin} -l cpw --pruneall --random-key pruneall@${R} || exit 1
|
||||
${kadmin} -l cpw --pruneall --random-key pruneall@${R} || exit 1
|
||||
${kadmin} -l <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p "$foopassword" --use-defaults foo/admin@${R}
|
||||
add -p "$foopassword" --use-defaults bar@${R}
|
||||
add -p "$foopassword" --use-defaults baz@${R}
|
||||
add -p "$foopassword" --use-defaults bez@${R}
|
||||
add -p "$foopassword" --use-defaults fez@${R}
|
||||
add -p "$foopassword" --use-defaults hasalias@${R}
|
||||
add -p "$foopassword" --use-defaults pkinit@${R}
|
||||
modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" pkinit@${R}
|
||||
add -p "$foopassword" --use-defaults prune@${R}
|
||||
cpw --keepold --random-key prune@${R}
|
||||
cpw --keepold --random-key prune@${R}
|
||||
add -p "$foopassword" --use-defaults pruneall@${R}
|
||||
cpw --pruneall --random-key pruneall@${R}
|
||||
cpw --pruneall --random-key pruneall@${R}
|
||||
EOF
|
||||
|
||||
echo "$foopassword" > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -113,218 +113,143 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R2}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R3}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R4}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R6}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R7}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R8}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${H1}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${H2}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${H3}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${H4}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${RH}
|
||||
cpw -r krbtgt/${R}@${R}
|
||||
cpw -r krbtgt/${R}@${R}
|
||||
cpw -r krbtgt/${R}@${R}
|
||||
cpw -r krbtgt/${R}@${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add -p foo --use-defaults foo/host.${r}@${R}
|
||||
add -p foo --use-defaults foo@${R2}
|
||||
add -p foo --use-defaults foo@${R3}
|
||||
add -p foo --use-defaults foo@${R4}
|
||||
add -p foo --use-defaults foo@${R6}
|
||||
add -p foo --use-defaults foo@${R7}
|
||||
add -p foo --use-defaults foo@${R8}
|
||||
add -p foo --use-defaults foo@${H1}
|
||||
add -p foo --use-defaults foo/host.${h1}@${H1}
|
||||
add -p foo --use-defaults foo@${H2}
|
||||
add -p foo --use-defaults foo/host.${h2}@${H2}
|
||||
add -p foo --use-defaults foo@${H3}
|
||||
add -p foo --use-defaults foo/host.${h3}@${H3}
|
||||
add -p foo --use-defaults foo@${H4}
|
||||
add -p foo --use-defaults foo/host.${h4}@${H4}
|
||||
add -p bar --use-defaults bar@${R}
|
||||
add -p foo --use-defaults remove@${R}
|
||||
add -p nop --use-defaults ${server}@${R}
|
||||
cpw -p bla --keepold ${server}@${R}
|
||||
cpw -p kaka --keepold ${server}@${R}
|
||||
add -p kaka --use-defaults ${server}-des3@${R}
|
||||
add -p kaka --use-defaults kt-des3@${R}
|
||||
add -p kaka --use-defaults foo/des3-only@${R}
|
||||
add -p kaka --use-defaults bar/des3-only@${R}
|
||||
add -p kaka --use-defaults foo/aes-only@${R}
|
||||
add -p sens --use-defaults --attributes=disallow-forwardable sensitive@${R}
|
||||
add -p foo --use-defaults ${ps}
|
||||
modify --attributes=+trusted-for-delegation ${ps}
|
||||
modify --constrained-delegation=${server} ${ps}
|
||||
ext -k ${keytab} ${server}@${R}
|
||||
ext -k ${keytab} ${ps}
|
||||
add -p kaka --use-defaults ${server2}@${R2}
|
||||
ext -k ${keytab} ${server2}@${R2}
|
||||
add -p foo --use-defaults WELLKNOWN/REFERRALS/TARGET@${R5}
|
||||
add_alias WELLKNOWN/REFERRALS/TARGET@${R5} ${server3}@${R}
|
||||
add_alias WELLKNOWN/REFERRALS/TARGET@${R5} ${namespace}@${R}
|
||||
add -p kaka --use-defaults ${serverip}@${R}
|
||||
ext -k ${keytab} ${serverip}@${R}
|
||||
add -p kaka --use-defaults ${serveripname}@${R}
|
||||
ext -k ${keytab} ${serveripname}@${R}
|
||||
modify --alias=${serveripname2}@${R} ${serveripname}@${R}
|
||||
add -p foo --use-defaults remove2@${R2}
|
||||
add -p nopac --use-defaults ${server4}@${R2}
|
||||
modify --attributes=+no-auth-data-reqd ${server4}@${R2}
|
||||
ext -k ${keytab} ${server4}@${R2}
|
||||
add -p kaka --use-defaults ${alias1}@${R}
|
||||
ext -k ${keytab} ${alias1}@${R}
|
||||
modify --alias=${alias2}@${R} ${alias1}@${R}
|
||||
add -p cross1 --use-defaults krbtgt/${R2}@${R}
|
||||
modify --attributes=+no-auth-data-reqd krbtgt/${R2}@${R}
|
||||
add -p cross2 --use-defaults krbtgt/${R}@${R2}
|
||||
add -p cross1 --use-defaults krbtgt/${R3}@${R2}
|
||||
add -p cross2 --use-defaults krbtgt/${R2}@${R3}
|
||||
add -p cross1 --use-defaults krbtgt/${R4}@${R2}
|
||||
add -p cross2 --use-defaults krbtgt/${R2}@${R4}
|
||||
add -p cross1 --use-defaults krbtgt/${R4}@${R3}
|
||||
add -p cross2 --use-defaults krbtgt/${R3}@${R4}
|
||||
add -p cross1 --use-defaults krbtgt/${R7}@${R6}
|
||||
add -p cross2 --use-defaults krbtgt/${R6}@${R7}
|
||||
add -p cross1 --use-defaults krbtgt/${R8}@${R6}
|
||||
add -p cross2 --use-defaults krbtgt/${R6}@${R8}
|
||||
add -p cross1 --use-defaults krbtgt/${H1}@${R}
|
||||
add -p cross2 --use-defaults krbtgt/${R}@${H1}
|
||||
add -p cross1 --use-defaults krbtgt/${H2}@${R}
|
||||
add -p cross2 --use-defaults krbtgt/${R}@${H2}
|
||||
add -p cross1 --use-defaults krbtgt/${H3}@${H2}
|
||||
add -p cross2 --use-defaults krbtgt/${H2}@${H3}
|
||||
add -p cross1 --use-defaults krbtgt/${H3}@${H4}
|
||||
add -p cross2 --use-defaults krbtgt/${H4}@${H3}
|
||||
add -p foo --use-defaults pw-expire@${R}
|
||||
modify --pw-expiration-time=+1day pw-expire@${R}
|
||||
add -p foo --use-defaults pw-expired@${R}
|
||||
modify --pw-expiration-time=2012-06-12 pw-expired@${R}
|
||||
add -p foo --use-defaults account-expired@${R}
|
||||
modify --expiration-time=2012-06-12 account-expired@${R}
|
||||
add -p foo --use-defaults foo@${RH}
|
||||
EOF
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R2} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R3} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R4} || exit 1
|
||||
|
||||
${kadmin5} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R5} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R6} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R7} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R8} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${H1} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${H2} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${H3} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${H4} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${RH} || exit 1
|
||||
|
||||
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
|
||||
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
|
||||
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
|
||||
${kadmin} cpw -r krbtgt/${R}@${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo/host.${r}@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R3} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R4} || exit 1
|
||||
${kadmin5} add -p foo --use-defaults foo@${R5} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R6} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R7} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R8} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${H1} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo/host.${h1}@${H1} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${H2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo/host.${h2}@${H2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${H3} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo/host.${h3}@${H3} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${H4} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo/host.${h4}@${H4} || exit 1
|
||||
${kadmin} add -p bar --use-defaults bar@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults remove@${R} || exit 1
|
||||
${kadmin} add -p nop --use-defaults ${server}@${R} || exit 1
|
||||
${kadmin} cpw -p bla --keepold ${server}@${R} || exit 1
|
||||
${kadmin} cpw -p kaka --keepold ${server}@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${server}-des3@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults kt-des3@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults foo/des3-only@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults bar/des3-only@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults foo/aes-only@${R} || exit 1
|
||||
|
||||
${kadmin} add -p sens --use-defaults --attributes=disallow-forwardable sensitive@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults ${ps} || exit 1
|
||||
${kadmin} modify --attributes=+trusted-for-delegation ${ps} || exit 1
|
||||
${kadmin} modify --constrained-delegation=${server} ${ps} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${ps} || exit 1
|
||||
${kadmin5} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R5}
|
||||
add -p foo --use-defaults foo@${R5}
|
||||
add -p kaka --use-defaults ${server3}@${R5}
|
||||
ext -k ${keytab} ${server3}@${R5}
|
||||
add -p kaka --use-defaults ${server5}@${R5}
|
||||
ext -k ${keytab} ${server5}@${R5}
|
||||
EOF
|
||||
|
||||
# Note: rps is not trusted-for-delegation
|
||||
${kadmin} add -p foo --use-defaults ${rps} || exit 1
|
||||
${kadmin} modify --constrained-delegation=${server} ${rps} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${rps} || exit 1
|
||||
|
||||
${kadmin} add -p kaka --use-defaults ${server2}@${R2} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server2}@${R2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults WELLKNOWN/REFERRALS/TARGET@${R5} || exit 1
|
||||
${kadmin} add_alias WELLKNOWN/REFERRALS/TARGET@${R5} ${server3}@${R} || exit 1
|
||||
${kadmin5} add -p kaka --use-defaults ${server3}@${R5} || exit 1
|
||||
${kadmin5} ext -k ${keytab} ${server3}@${R5} || exit 1
|
||||
${kadmin} add_alias WELLKNOWN/REFERRALS/TARGET@${R5} ${namespace}@${R} || exit 1
|
||||
${kadmin5} add -p kaka --use-defaults ${server5}@${R5} || exit 1
|
||||
${kadmin5} ext -k ${keytab} ${server5}@${R5} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${serverip}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${serverip}@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${serveripname}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${serveripname}@${R} || exit 1
|
||||
${kadmin} modify --alias=${serveripname2}@${R} ${serveripname}@${R}
|
||||
${kadmin} add -p foo --use-defaults remove2@${R2} || exit 1
|
||||
|
||||
${kadmin} add -p nopac --use-defaults ${server4}@${R2} || exit 1
|
||||
${kadmin} modify --attributes=+no-auth-data-reqd ${server4}@${R2} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server4}@${R2} || exit 1
|
||||
|
||||
${kadmin} add -p kaka --use-defaults ${alias1}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${alias1}@${R} || exit 1
|
||||
${kadmin} modify --alias=${alias2}@${R} ${alias1}@${R}
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
|
||||
${kadmin} modify --attributes=+no-auth-data-reqd krbtgt/${R2}@${R} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R3}@${R2} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R3} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R4}@${R2} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R2}@${R4} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R4}@${R3} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R3}@${R4} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
add -p foo --use-defaults ${rps}
|
||||
modify --constrained-delegation=${server} ${rps}
|
||||
ext -k ${keytab} ${rps}
|
||||
EOF
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R5}@${R} || exit 1
|
||||
${kadmin5} add -p cross2 --use-defaults krbtgt/${R}@${R5} || exit 1
|
||||
|
||||
${kadmin5} add -p cross1 --use-defaults krbtgt/${R6}@${R5} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R5}@${R6} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R7}@${R6} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R6}@${R7} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R8}@${R6} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R6}@${R8} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${H1}@${R} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${H1} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${H2}@${R} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${H2} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${H3}@${H2} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${H2}@${H3} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${H3}@${H4} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${H4}@${H3} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults pw-expire@${R} || exit 1
|
||||
${kadmin} modify --pw-expiration-time=+1day pw-expire@${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults pw-expired@${R} || exit 1
|
||||
${kadmin} modify --pw-expiration-time=2012-06-12 pw-expired@${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults account-expired@${R} || exit 1
|
||||
${kadmin} modify --expiration-time=2012-06-12 account-expired@${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${RH} || exit 1
|
||||
|
||||
echo "Check parser"
|
||||
${kadmin} add -p foo --use-defaults -- -p || exit 1
|
||||
${kadmin} delete -- -p || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} check ${R2} || exit 1
|
||||
${kadmin} check ${R3} || exit 1
|
||||
${kadmin} check ${R4} || exit 1
|
||||
${kadmin} <<EOF
|
||||
check ${R}
|
||||
check ${R2}
|
||||
check ${R3}
|
||||
check ${R4}
|
||||
check ${R6}
|
||||
check ${R7}
|
||||
check ${R8}
|
||||
check ${H1}
|
||||
check ${H2}
|
||||
check ${H3}
|
||||
check ${H4}
|
||||
EOF
|
||||
|
||||
${kadmin5} check ${R5} || exit 1
|
||||
${kadmin} check ${R6} || exit 1
|
||||
${kadmin} check ${R7} || exit 1
|
||||
${kadmin} check ${R8} || exit 1
|
||||
${kadmin} check ${H1} || exit 1
|
||||
${kadmin} check ${H2} || exit 1
|
||||
${kadmin} check ${H3} || exit 1
|
||||
${kadmin} check ${H4} || exit 1
|
||||
|
||||
echo "Extracting enctypes"
|
||||
${ktutil} -k ${keytab} list > tempfile || exit 1
|
||||
|
||||
@@ -65,15 +65,11 @@ sed -e 's/@keys@/v5/' \
|
||||
${sedvars} < ${CIN} > ${COUT}
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults ${principal} || exit 1
|
||||
|
||||
${kadmin} cpw -p foo ${principal} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults ${principal}
|
||||
cpw -p foo ${principal}
|
||||
EOF
|
||||
|
||||
sed -e 's/@keys@/v4/' \
|
||||
${sedvars} < ${CIN} > ${COUT}
|
||||
|
||||
@@ -76,28 +76,16 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo "Creating database for $R"
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
|
||||
|
||||
echo "Creating database for ${R2}"
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R2} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults bar@${R2} || exit 1
|
||||
|
||||
echo "Doing database check for ${R} ${R2}"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} check ${R2} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add -p kaka --use-defaults ${server}@${R}
|
||||
ext -k ${keytab} ${server}@${R}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R2}
|
||||
add -p foo --use-defaults bar@${R2}
|
||||
check ${R}
|
||||
check ${R2}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
|
||||
@@ -96,24 +96,18 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} modify --max-ticket-life=5d krbtgt/${R}@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} add -p bar --use-defaults bar@${R} || exit 1
|
||||
${kadmin} add -p baz --use-defaults baz@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults host/server.test.h5l.se@${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
modify --max-ticket-life=5d krbtgt/${R}@${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add -p bar --use-defaults bar@${R}
|
||||
add -p baz --use-defaults baz@${R}
|
||||
add -p foo --use-defaults host/server.test.h5l.se@${R}
|
||||
modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" baz@${R}
|
||||
add -p kaka --use-defaults ${server}@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
${kadmin} modify --alias=baz2\\@test.h5l.se@${R} baz@${R} || exit 1
|
||||
${kadmin} modify --pkinit-acl="CN=baz,DC=test,DC=h5l,DC=se" baz@${R} || exit 1
|
||||
|
||||
${kadmin} add -p kaka --use-defaults ${server}@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
|
||||
# XXX Do not use committed, in-tree private keys or certificates!
|
||||
# XXX Add hxtool command to generate a private key w/o generating a CSR
|
||||
|
||||
@@ -89,59 +89,43 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R2} || exit 1
|
||||
|
||||
${kadmin} add -r --use-defaults WELLKNOWN/REFERRALS/TARGET@${R} || exit 1
|
||||
${kadmin} add -r --use-defaults WELLKNOWN/REFERRALS/TARGET@${R2} || exit 1
|
||||
|
||||
# User 'foo' gets two aliases in the same realm, and one in the other
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} add_alias foo@${R} foo@${R2} alias1 alias2 || exit 1
|
||||
# service1 is an alias of service2, in different realms
|
||||
# service3 and service4 get soft aliases in each other's realms
|
||||
# service6 is a hard alias of service5
|
||||
# service8 is a hard alias of service7, but in the opposite direction
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R2}
|
||||
add -r --use-defaults WELLKNOWN/REFERRALS/TARGET@${R}
|
||||
add -r --use-defaults WELLKNOWN/REFERRALS/TARGET@${R2}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
add_alias foo@${R} foo@${R2} alias1 alias2
|
||||
add -p foo --use-defaults ${service2}@${R2}
|
||||
add_alias ${service2}@${R2} ${service1}@${R}
|
||||
add -p foo --use-defaults ${service3}@${R}
|
||||
add -p foo --use-defaults ${service4}@${R2}
|
||||
add_alias WELLKNOWN/REFERRALS/TARGET@${R2} ${service4}@${R}
|
||||
add_alias WELLKNOWN/REFERRALS/TARGET@${R} ${service3}@${R2}
|
||||
add -p foo --use-defaults ${service5}@${R}
|
||||
add_alias ${service5}@${R} ${service6}@${R2}
|
||||
add -p foo --use-defaults ${service7}@${R2}
|
||||
add_alias ${service5}@${R} ${service8}@${R}
|
||||
add -p foo --use-defaults bar@${R}
|
||||
add -p cross1 --use-defaults krbtgt/${R2}@${R}
|
||||
add -p cross2 --use-defaults krbtgt/${R}@${R2}
|
||||
ext -k ${keytab} krbtgt/${R}@${R}
|
||||
check ${R}
|
||||
check ${R2}
|
||||
EOF
|
||||
|
||||
${kadmin} add -p foo --use-defaults baz\\@realm.foo@${R} || exit 1
|
||||
|
||||
${kadmin} get foo@${R} | grep alias1@${R} >/dev/null || exit 1
|
||||
${kadmin} get foo@${R} | grep alias2@${R} >/dev/null || exit 1
|
||||
${kadmin} get foo@${R} | grep foo@${R2} >/dev/null || exit 1
|
||||
|
||||
# service1 is an alias of service2, in different realms
|
||||
${kadmin} add -p foo --use-defaults ${service2}@${R2} || exit 1
|
||||
${kadmin} add_alias ${service2}@${R2} ${service1}@${R} || exit 1
|
||||
${kadmin} get ${service2}@${R2} | grep ${service1}@${R} >/dev/null || exit 1
|
||||
|
||||
# service3 and service4 get soft aliases in each other's realms
|
||||
${kadmin} add -p foo --use-defaults ${service3}@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults ${service4}@${R2} || exit 1
|
||||
${kadmin} add_alias WELLKNOWN/REFERRALS/TARGET@${R2} ${service4}@${R} || exit 1
|
||||
${kadmin} add_alias WELLKNOWN/REFERRALS/TARGET@${R} ${service3}@${R2} || exit 1
|
||||
|
||||
# service6 is a hard alias of service5
|
||||
${kadmin} add -p foo --use-defaults ${service5}@${R} || exit 1
|
||||
${kadmin} add_alias ${service5}@${R} ${service6}@${R2} || exit 1
|
||||
|
||||
# service8 is a hard alias of service7, but in the opposite direction
|
||||
${kadmin} add -p foo --use-defaults ${service7}@${R2} || exit 1
|
||||
${kadmin} add_alias ${service5}@${R} ${service8}@${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults bar@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults 'baz\@realm.foo@'${R} || exit 1
|
||||
|
||||
${kadmin} add -p cross1 --use-defaults krbtgt/${R2}@${R} || exit 1
|
||||
${kadmin} add -p cross2 --use-defaults krbtgt/${R}@${R2} || exit 1
|
||||
|
||||
${kadmin} ext -k ${keytab} krbtgt/${R}@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} check ${R2} || exit 1
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
echo Starting kdc ; > messages.log
|
||||
|
||||
@@ -86,16 +86,13 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults ${server}@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults foo@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} foo@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server}@${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults ${server}@${R}
|
||||
add -p foo --use-defaults foo@${R}
|
||||
ext -k ${keytab} foo@${R}
|
||||
ext -k ${keytab} ${server}@${R}
|
||||
EOF
|
||||
|
||||
echo "password"
|
||||
${kdc_tester} ${srcdir}/kdc-tester1.json > out-log 2>&1 || exit 1
|
||||
|
||||
@@ -71,17 +71,12 @@ rm -f mkey.file*
|
||||
> messages.log
|
||||
|
||||
echo Creating database
|
||||
${kadmin} \
|
||||
init \
|
||||
--realm-max-ticket-life=1day \
|
||||
--realm-max-renewable-life=1month \
|
||||
${R} || exit 1
|
||||
|
||||
${kadmin} add -p foo --use-defaults user1@${R} || exit 1
|
||||
${kadmin} add -p foo --use-defaults user2@${R} || exit 1
|
||||
|
||||
echo "Doing database check"
|
||||
${kadmin} check ${R} || exit 1
|
||||
${kadmin} <<EOF || exit 1
|
||||
init --realm-max-ticket-life=1day --realm-max-renewable-life=1month ${R}
|
||||
add -p foo --use-defaults user1@${R}
|
||||
add -p foo --use-defaults user2@${R}
|
||||
check ${R}
|
||||
EOF
|
||||
|
||||
echo foo > ${objdir}/foopassword
|
||||
|
||||
|
||||
Reference in New Issue
Block a user