kdc: Test referrals via HDB entry aliases
When a principal name is an alias of another in a different realm, the KDC will return a referral to that realm. Test that.
This commit is contained in:
Nicolas Williams
@@ -76,6 +76,7 @@ kpasswdd="${kpasswdd} --addresses=localhost -p $pwport"
|
||||
|
||||
server=host/datan.test.h5l.se
|
||||
server2=host/computer.example.com
|
||||
server3=host/refer-me-out.test.h5l.se
|
||||
serverip=host/10.11.12.13
|
||||
serveripname=host/ip.test.h5l.org
|
||||
serveripname2=host/10.11.12.14
|
||||
@@ -234,6 +235,10 @@ ${kadmin} ext -k ${keytab} ${rps} || exit 1
|
||||
|
||||
${kadmin} add -p kaka --use-defaults ${server2}@${R2} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${server2}@${R2} || exit 1
|
||||
${kadmin} add -p foo --use-defaults referral-placeholder@${R5} || exit 1
|
||||
${kadmin} add_alias referral-placeholder@${R5} ${server3}@${R} || exit 1
|
||||
${kadmin5} add -p kaka --use-defaults ${server3}@${R5} || exit 1
|
||||
${kadmin5} ext -k ${keytab} ${server3}@${R5} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${serverip}@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} ${serverip}@${R} || exit 1
|
||||
${kadmin} add -p kaka --use-defaults ${serveripname}@${R} || exit 1
|
||||
@@ -432,6 +437,9 @@ echo "Getting x-realm tickets with capaths for $R -> $R6"
|
||||
${kgetcred} foo@${R6} || { ec=1 ; eval "${testfailed}"; }
|
||||
echo "Getting x-realm tickets with capaths for $R -> $R5"
|
||||
${kgetcred} foo@${R5} || { ec=1 ; eval "${testfailed}"; }
|
||||
echo "Testing HDB referral entry"
|
||||
${kgetcred} --canonicalize ${server3}@${R} || { ec=1 ; eval "${testfailed}"; }
|
||||
${klist}
|
||||
${kdestroy}
|
||||
|
||||
echo "Testing hierarchical referral logic"
|
||||
@@ -440,6 +448,8 @@ ${kinit} --password-file=${objdir}/foopassword \
|
||||
foo@${H3} || \
|
||||
{ ec=1 ; eval "${testfailed}"; }
|
||||
|
||||
echo "Getting x-realm tickets with HDB referral alias for $R1 -> $R3"
|
||||
${kgetcred} --hostbased --canonicalize foo host.${h1} || { ec=1 ; eval "${testfailed}"; }
|
||||
echo "Getting x-realm tickets with hierarchical referrals for $H3 -> $H1"
|
||||
${kgetcred} --hostbased --canonicalize foo host.${h1} || { ec=1 ; eval "${testfailed}"; }
|
||||
fgrep "cross-realm ${H3} -> ${H1} via [${H2}, ${R}]" messages.log > /dev/null || { ec=1 ; eval "${testfailed}"; }
|
||||
|
||||
Reference in New Issue
Block a user