--- /dev/null
+proc doit { } {
+ global REALMNAME
+ global KLIST
+ global KINIT
+ global KDESTROY
+ global KEY
+ global KADMIN_LOCAL
+ global KTUTIL
+ global hostname
+ global tmppwd
+ global spawn_id
+ global supported_enctypes
+ global KRBIV
+ global portbase
+ global mode
+
+ set princ "expiredprinc"
+
+ # Start up the kerberos and kadmind daemons.
+ if ![start_kerberos_daemons 0] {
+ return 1
+ }
+
+ # Use kadmin to add a key.
+ if ![add_kerberos_key $princ 0] {
+ return 1
+ }
+
+ setup_kerberos_env kdc
+
+ set test "kadmin.local modprinc -expire"
+ spawn $KADMIN_LOCAL -q "modprinc -expire \"2 days ago\" $princ"
+ catch expect_after
+ expect {
+ timeout {
+ fail $test
+ }
+ eof {
+ pass $test
+ }
+ }
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat ($test)"
+ catch "close -i $spawn_id"
+
+ set test "kadmin.local -pwexpire"
+ spawn $KADMIN_LOCAL -q "modprinc -pwexpire \"2 days ago\" $princ"
+ catch expect_after
+ expect {
+ timeout {
+ fail $test
+ }
+ eof {
+ pass $test
+ }
+ }
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat ($test)"
+ catch "close -i $spawn_id"
+
+ setup_kerberos_env client
+ spawn $KINIT -5 -k -t /dev/null $princ
+ expect {
+ "entry in database has expired" {
+ pass $test
+ }
+ "Password has expired" {
+ fail "$test (inappropriate password expiration message)"
+ }
+ timeout {
+ expect eof
+ fail "$test (timeout)"
+ return 0
+ }
+ eof {
+ fail "$test (eof)"
+ return 0
+ }
+ }
+ expect eof
+ return 0
+}
+
+run_once princexpire {
+ # Set up the Kerberos files and environment.
+ if {![get_hostname] || ![setup_kerberos_files] || ![setup_kerberos_env]} {
+ return
+ }
+ # Initialize the Kerberos database. The argument tells
+ # setup_kerberos_db that it is not being called from
+ # standalone.exp.
+ if ![setup_kerberos_db 0] {
+ return
+ }
+
+ set status [catch doit msg]
+
+ stop_kerberos_daemons
+
+ if { $status != 0 } {
+ send_error "ERROR: error in pwchange.exp\n"
+ send_error "$msg\n"
+ exit 1
+ }
+}