delegate policy
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23486 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
@@ -199,7 +199,7 @@ loop(gss_OID mechoid,
|
||||
gss_release_buffer(&min_stat, &input_token);
|
||||
gss_release_name(&min_stat, &gss_target_name);
|
||||
|
||||
if (deleg_flag) {
|
||||
if (deleg_flag || policy_deleg_flag) {
|
||||
if (server_no_deleg_flag) {
|
||||
if (*deleg_cred != GSS_C_NO_CREDENTIAL)
|
||||
errx(1, "got delegated cred but didn't expect one");
|
||||
|
@@ -83,6 +83,11 @@ ${kadmin} ext -k ${keytab} host/lucid.test.h5l.se@${R} || exit 1
|
||||
${kadmin} add -p p1 --use-defaults host/lucid@${R} || exit 1
|
||||
${kadmin} ext -k ${keytab} host/lucid@${R} || exit 1
|
||||
|
||||
${kadmin} add -p p1 --use-defaults host/ok-delegate.test.h5l.se@${R} || exit 1
|
||||
${kadmin} mod --attributes=+ok-as-delegate host/ok-delegate.test.h5l.se@${R} || exit 1
|
||||
${kadmin} get host/ok-delegate.test.h5l.se@${R} || exit 1
|
||||
|
||||
|
||||
${kadmin} add -p kaka --use-defaults digest/${R}@${R} || exit 1
|
||||
|
||||
${kadmin} add -p u1 --use-defaults user1@${R} || exit 1
|
||||
@@ -256,6 +261,29 @@ ${context} \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
echo "ok-as-delegate not used"
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--policy-delegate \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
echo "ok-as-delegate not used"
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--policy-delegate \
|
||||
--server-no-delegate \
|
||||
--name-type=hostbased-service host@lucid.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
echo "ok-as-delegate used by policy"
|
||||
${context} \
|
||||
--mech-type=krb5 \
|
||||
--policy-delegate \
|
||||
--name-type=hostbased-service ok-delegate.test.h5l.se || \
|
||||
{ exitcode=1 ; echo "test failed"; }
|
||||
|
||||
|
||||
echo "Getting client initial tickets with --ok-as-delgate"
|
||||
${kinit} --ok-as-delegate --forwardable \
|
||||
--password-file=${objdir}/foopassword user1@${R} || exitcode=1
|
||||
|
Reference in New Issue
Block a user