oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

kadmin: Add disallow-client attribute

Browse Source 
This is useful for services that need not be clients.  For example, an
untrusted service that need only accept authentication from clients,
but not initiate authentication to other services.
This commit is contained in:
Nicolas Williams
2021-06-22 12:59:01 -05:00
parent f6ac4ee864
commit ae8908bf81
6 changed files with 37 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/kdc/check-kdc.in
View File

@@ -361,6 +361,7 @@ trap "kill -9 ${kdcpid} ${kpasswddpid}; echo signal killing kdc kpasswdd; exit 1
ec=0
echo "Getting client initial tickets with wrong password"; > messages.log
${kadmin} modify --attributes=+disallow-client ${server} || exit 1
${kinit} --password-file=${objdir}/notfoopassword \
foo@${R} 2>kinit-log.tmp && \
{ ec=1 ; eval "${testfailed}"; }
@@ -626,6 +627,8 @@ done
${kdestroy}
echo "Getting server initial tickets"; > messages.log
${kinit} --keytab=${keytab} ${server}@$R && { ec=1 ; eval "${testfailed}"; }
${kadmin} modify --attributes=-disallow-client ${server} || exit 1
${kinit} --keytab=${keytab} ${server}@$R || { ec=1 ; eval "${testfailed}"; }
echo "Listing tickets"; > messages.log
${klist} | grep "Principal: ${server}" > /dev/null || \