rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity
79d8b3686a
krb5/krb5-master-spnego_error_messages.patch
Michael Calmer 03254981cb Accepting request 213903 from home:ckornacker:branches:network 
- update to version 1.12
  * Add GSSAPI extensions for constructing MIC tokens using IOV lists
  * Add a FAST OTP preauthentication module for the KDC which uses
    RADIUS to validate OTP token values.
  * The AES-based encryption types will use AES-NI instructions
    when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
  available
- update and rebase patches

OBS-URL: https://build.opensuse.org/request/show/213903
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=114
2014-01-15 14:14:20 +00:00

45 lines
1.8 KiB
Diff
Raw Blame History

commit 4faca53e3a8ee213d43da8998f6889e7bfd36248
Author: Greg Hudson <ghudson@mit.edu>
Date: Wed Dec 18 16:03:16 2013 -0500
Test SPNEGO error message in t_s4u.py
Now that #7045 is fixed, we can check for the correct error message
from t_s4u2proxy_krb5 with --spnego.
ticket: 7045
diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py
index 67dc810..e4aa259 100644
--- a/src/tests/gssapi/t_s4u.py
+++ b/src/tests/gssapi/t_s4u.py
@@ -30,12 +30,12 @@ if ('auth1: ' + realm.user_princ not in output or
'NOT_ALLOWED_TO_DELEGATE' not in output):
fail('krb5 -> s4u2proxy')
-# Again with SPNEGO. Bug #7045 prevents us from checking the error
-# message, but we can at least exercise the code.
+# Again with SPNEGO.
output = realm.run(['./t_s4u2proxy_krb5', '--spnego', usercache, storagecache,
'-', pservice1, pservice2],
expected_code=1)
-if ('auth1: ' + realm.user_princ not in output):
+if ('auth1: ' + realm.user_princ not in output or
+ 'NOT_ALLOWED_TO_DELEGATE' not in output):
fail('krb5 -> s4u2proxy (SPNEGO)')
# Try krb5 -> S4U2Proxy without forwardable user creds. This should
@@ -66,10 +66,9 @@ if 'NOT_ALLOWED_TO_DELEGATE' not in output:
fail('s4u2self')
# Again with SPNEGO. This uses SPNEGO for the initial authentication,
-# but still uses krb5 for S4U2Proxy (the delegated cred is returned as
+# but still uses krb5 for S4U2Proxy--the delegated cred is returned as
# a krb5 cred, not a SPNEGO cred, and t_s4u uses the delegated cred
-# directly rather than saving and reacquiring it) so bug #7045 does
-# not apply and we can verify the error message.
+# directly rather than saving and reacquiring it.
output = realm.run(['./t_s4u', '--spnego', puser, pservice2], expected_code=1)
if 'NOT_ALLOWED_TO_DELEGATE' not in output:
fail('s4u2self')
View Git Blame Copy Permalink