3 # Copyright (C) 2011 by the Massachusetts Institute of Technology.
6 # Export of this software from the United States of America may
7 # require a specific license from the United States Government.
8 # It is the responsibility of any person or organization contemplating
9 # export to obtain such a license before exporting.
11 # WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
12 # distribute this software and its documentation for any purpose and
13 # without fee is hereby granted, provided that the above copyright
14 # notice appear in all copies and that both that copyright notice and
15 # this permission notice appear in supporting documentation, and that
16 # the name of M.I.T. not be used in advertising or publicity pertaining
17 # to distribution of the software without specific, written prior
18 # permission. Furthermore if you modify this software you must label
19 # your software as modified software and not distribute it in such a
20 # fashion that it might be confused with the original M.I.T. software.
21 # M.I.T. makes no representations about the suitability of
22 # this software for any purpose. It is provided "as is" without express
23 # or implied warranty.
27 realm = K5Realm(start_kadmind=False)
30 realm.run_as_server(['./t_vfy_increds'])
32 # Verify after updating the keytab (so the keytab contains an outdated
33 # version 1 key followed by an up-to-date version 2 key).
34 realm.run_kadminl('ktadd ' + realm.host_princ)
35 realm.run_as_server(['./t_vfy_increds'])
37 # Bump the host key without updating the keytab and make sure that
38 # verification fails as we expect it to.
39 realm.run_kadminl('change_password -randkey ' + realm.host_princ)
40 realm.run_as_server(['./t_vfy_increds'], expected_code=1)
42 # Remove the keytab and verify again. This should succeed because
43 # verify_ap_req_nofail is not set.
44 os.remove(realm.keytab)
45 realm.run_as_server(['./t_vfy_increds'])
47 # Try with verify_ap_req_nofail set and no keytab. This should fail.
49 conf = { 'server' : { 'libdefaults' : { 'verify_ap_req_nofail' : 'true' } } }
50 realm = K5Realm(start_kadmind=False, krb5_conf=conf)
51 os.remove(realm.keytab)
52 realm.run_as_server(['./t_vfy_increds'], expected_code=1)
54 success('krb5_verify_init_creds tests')