487b6820f6
Revamp name canonicalization code
2015-03-24 11:49:58 -05:00
d9e3e376a3
tests: Add simple key history test for kdc
...
Use kadmin cpw with the --keepold parameter to create a history list.
Change-Id: I21811c840be0bd1b8dd8dc66e63f88f8da6fac7e
2015-03-14 16:08:23 -04:00
c3ddece8d4
Name canon kdc config breaks iprop
2015-03-04 17:04:20 -05:00
a220ed39eb
try using as-is name_canon_rules
2014-09-09 18:36:57 +02:00
44ba0bcd24
no need to make chmod quiet, it supposed to be already because of \
2014-08-23 19:29:04 -07:00
8504dce265
make quiet
2014-08-22 21:26:15 -07:00
a84b572747
resurrect password change support again
2014-08-22 20:19:36 -07:00
a6e136c739
make quiet
2014-02-18 08:27:00 -08:00
6a192f0dce
clean files
2014-02-16 11:53:56 -08:00
54378de6b4
add an2ln-db.txt
2014-02-16 10:05:24 -08:00
2f7eec7d2c
Add very large MIT KDB princ entry for testing
...
Constructed by doing repeated kadmin.local cpw commands with a policy
with -history 9.
2013-11-20 01:08:22 -06:00
1881980d44
spelling
2013-10-18 10:45:59 +02:00
10f3c8b56e
add possible to set rules on what enctypes to use based on glob matching on principal
2013-10-18 10:01:55 +02:00
499affd8fa
tet setting policy
2013-10-18 09:06:52 +02:00
36f22356c5
Add [manual] test of kinit cmd
...
It's not ready to always be run. First, it's slow. Second, it tortures
the system. Third, it doesn't look for signs of failure. Fourth, if it
did it'd fail: because something about the racing is causing the KDC to
think that the foo principal doesn't exist.
2013-09-12 12:14:41 -05:00
3484432cc5
clean log between test, dump log on failure
2013-07-19 14:53:22 +02:00
fdfe696821
if no db, don't check FAST
2013-06-05 20:33:29 -07:00
81263bc94c
update leaks check
2013-04-24 17:59:25 -07:00
a825143e73
The k5login_directory parameter and SYSTEM-K5LOGIN[:directory] are supposed to be directories, not path templates with %{luser} substitution
...
Signed-off-by: Love Hornquist Astrand <lha@h5l.org >
2013-04-24 16:25:59 -07:00
edae63418e
client logging too
2013-02-10 23:20:56 -08:00
da42d01d54
x
2013-02-10 21:12:34 -08:00
1adb5de80d
fix logging to be sync
2013-02-10 21:11:53 -08:00
0c2e3d94bf
default to open/write/close logging
2012-12-27 13:07:13 +01:00
ee068eaf21
note about =
2012-12-27 12:03:17 +01:00
4ebfd6b818
make sure logs are truncated
2012-10-07 11:11:17 -07:00
c707016669
scan whole logfile
2012-10-07 11:06:29 -07:00
703ae0e22d
add db-dir
2012-10-01 09:50:32 -07:00
baf748fb8e
catch better slave message now that iprop is more verbose
2012-10-01 09:36:11 -07:00
20b5e2a2c6
Make check-authz run when objdir != srcdir
2012-06-14 11:53:55 -05:00
1b3f1b57b4
Don't forget to sleep in 3DES del_enctype test.
...
On NetBSD /bin/sh with vfork() is noticeably faster than /bin/bash,
and in particular the reader manages to read the the database before
slave replication completes.
2012-05-28 16:13:14 +01:00
0cee6d1d70
Update KDB in tests/kdc so check-hdb-mitdb passes
2012-05-03 14:24:19 -05:00
2c5ec44d39
Look for auth_to_local in the default realm's realm section...
...
...rather than the authenticated principal's realm section. We do
this both to maintain compatibility with MIT and because it makes
more sense. We should likely also fix the auth_to_local_names as
cursory inspection reveals that it has the same incompatibility.
2012-04-19 23:43:12 +01:00
839ab87c10
Regression test iprop of key rollover and del_enctype
2012-03-15 18:57:35 -05:00
ca6a22276e
Test that we copy forwardable/renewable flags from TGT in TGS-REQ
2012-03-14 23:58:40 -05:00
a8c51aa594
add basic sqlite tests (from Nico)
2012-02-29 08:32:57 -08:00
bf37778dbd
make ipropd_slave tell its status in a status file
...
The ipropd_slave will log its status to /var/heimdal/ipropd-slave-status
if its connecting, up to date, or disconnected.
The master will now also confirm to slaves that are are in fact up to date
if they just restart, before there was no confirmation, the slave just didn't
get any deltas.
2012-02-15 20:59:54 -08:00
47f60928bc
Some more [capaths] testing
2012-02-07 14:02:24 -06:00
07a88f4b5a
use no-store
2012-01-10 22:54:16 +01:00
a372712fd0
test tgs-req too
2012-01-10 22:54:16 +01:00
e00b43a94b
Address code review comments (k5login/foo in EXTRA_DIST)
2011-12-10 14:06:15 -06:00
abd065be02
Add a test for krb5_kuserok()
2011-12-08 13:34:02 -06:00
b8c710a130
some more status
2011-12-03 13:36:39 -08:00
0e6bd29e44
use right directory
2011-12-03 13:36:32 -08:00
89bae59b49
Fix error clobbering bug and code review comments
2011-12-02 01:04:22 -06:00
da14596f0e
Add a test for aname2lname
2011-12-02 01:03:31 -06:00
fa304162db
test rsa mode too
2011-11-23 09:43:56 -08:00
b69246d766
use pre-generated certs/keys
2011-11-22 19:11:26 -08:00
a8e4c393ee
use pre-generated certs/keys
2011-11-22 19:11:16 -08:00
c376e869a0
kdc-tester4.json is in objdir
2011-11-22 19:01:56 -08:00
8242b14eb9
add kdc-tester3.json
2011-11-22 18:59:38 -08:00
Nicolas Williams