oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

osx: Avoid blocking the KDC in KEYCHAIN in tests

Browse Source 
If a client tries to use PKINIT we can block in the OS X keychain if no
anchors are configured.
This commit is contained in:
Nicolas Williams
2022-02-09 23:07:24 -06:00
parent 584a2d3a2b
commit 1da235c9c3
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tests/gss/krb5.conf.in
View File

@@ -18,6 +18,21 @@ include @srcdirabs@/include-krb5.conf
} }
[kdc] [kdc]
enable-digest = true
allow-anonymous = true
digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
strict-nametypes = true
synthetic_clients = true
enable_gss_preauth = true
gss_mechanisms_allowed = sanon-x25519
enable-pkinit = true
pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
pkinit_mappings_file = @srcdir@/pki-mapping
pkinit_allow_proxy_certificate = true
database = { database = {
dbname = @objdir@/current-db dbname = @objdir@/current-db
realm = TEST.H5L.SE realm = TEST.H5L.SE

15
tests/plugin/krb5.conf.in
View File

@@ -19,6 +19,21 @@
} }
[kdc] [kdc]
enable-digest = true
allow-anonymous = true
digests_allowed = chap-md5,digest-md5,ntlm-v1,ntlm-v1-session,ntlm-v2,ms-chap-v2
strict-nametypes = true
synthetic_clients = true
enable_gss_preauth = true
gss_mechanisms_allowed = sanon-x25519
enable-pkinit = true
pkinit_identity = FILE:@srcdir@/../../lib/hx509/data/kdc.crt,@srcdir@/../../lib/hx509/data/kdc.key
pkinit_anchors = FILE:@srcdir@/../../lib/hx509/data/ca.crt
pkinit_pool = FILE:@srcdir@/../../lib/hx509/data/sub-ca.crt
# pkinit_revoke = CRL:@srcdir@/../../lib/hx509/data/crl1.crl
pkinit_mappings_file = @srcdir@/pki-mapping
pkinit_allow_proxy_certificate = true
database = { database = {
dbname = @objdir@/current-db dbname = @objdir@/current-db
realm = TEST.H5L.SE realm = TEST.H5L.SE