oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

tests: add S4U2Proxy test with foreign client

Browse Source 
Add S4U2Proxy test with foreign client and evidence ticket acquired via TGS
This commit is contained in:
Isaac Boukris
2021-08-13 14:22:43 +03:00
committed by Luke Howard
parent 7645f3c086
commit 1ae7c61ef7
1 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
tests/kdc/check-kdc.in
View File

@@ -874,6 +874,22 @@ ${kgetcred} \
bar@${R} 2>/dev/null && \ bar@${R} 2>/dev/null && \
{ ec=1 ; eval "${testfailed}"; } { ec=1 ; eval "${testfailed}"; }
echo "test constrained delegation with foreign client (evidence from TGS)"; > messages.log
# We can't test foreign client with evidence from S4U2Self, since Heimdal doesn't support it yet
rm -f ocache.krb5
${kinit} --cache=${icache} --forwardable --password-file=${objdir}/foopassword foo@${R2} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} --cache=${icache} --out-cache=${ocache} ${ps} || \
{ ec=1 ; eval "${testfailed}"; }
${kgetcred} \
--out-cache=${o2cache} \
--delegation-credential-cache=${ocache} \
${server}@${R} || \
{ ec=1 ; eval "${testfailed}"; }
echo " try using the credential"
${test_ap_req} ${server}@${R} ${keytab} ${o2cache} || \
{ ec=1 ; eval "${testfailed}"; }
echo "test constrained delegation impersonation (non forward)"; > messages.log echo "test constrained delegation impersonation (non forward)"; > messages.log
rm -f ocache.krb5 rm -f ocache.krb5
${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} || \ ${kimpersonate} -s ${ps} -c bar@${R} -t ${aesenctype} || \