+1999-08-31 Ken Raeburn <raeburn@mit.edu>
+
+ * default.exp (setup_kerberos_files): Set kdc_supported_enctypes
+ in kdc.conf, and include des3-cbc-sha1:normal.
+ (setup_kerberos_db): If setting up krbtgt to use des3, now use
+ only des3, not des3 and des-crc both.
+
+1999-08-30 Ken Raeburn <raeburn@raeburn.org>
+
+ * default.exp (des3_krbtgt): New variable.
+ (setup_kerberos_files): Remove des3 from supported_enctypes in
+ kdc.conf.
+ (setup_kerberos_db): If des3_krbtgt is set, change krbtgt key, and
+ get a des3 key in addition to des.
+
+1999-08-27 Ken Raeburn <raeburn@raeburn.org>
+
+ * default.exp: Set default principal expiration a bit further into
+ the future.
+
+1999-08-26 Tom Yu <tlyu@mit.edu>
+
+ * default.exp (setup_kerberos_files): Tweak enctypes entered into
+ config files to exercise 3DES a little.
+
Fri Jan 30 23:48:57 1998 Tom Yu <tlyu@mit.edu>
* default.exp: Add kpasswd_server to krb5.conf.
set stty_init {erase \^h kill \^u}
set env(TERM) dumb
+set des3_krbtgt 1
+
# We do everything in a temporary directory.
if ![file isdirectory tmpdir] {catch "exec mkdir tmpdir" status}
set conffile [open tmpdir/krb5.conf w]
puts $conffile "\[libdefaults\]"
puts $conffile " default_realm = $REALMNAME"
- puts $conffile "default_tgs_enctypes = des3-cbc-md5 des-cbc-md5 des-cbc-crc"
+ puts $conffile "default_tgs_enctypes = des-cbc-md5 des-cbc-crc"
puts $conffile ""
puts $conffile "\[realms\]"
puts $conffile " $REALMNAME = \{"
puts $conffile " max_renewable_life = 3:00:00"
puts $conffile " master_key_type = des-cbc-md5"
puts $conffile " master_key_name = master/key"
- puts $conffile " supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
+# des3-cbc-sha1:normal
+ puts $conffile " supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
+ puts $conffile " kdc_supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
puts $conffile " kdc_ports = 3088"
- puts $conffile " default_principal_expiration = 99.12.31.23.59.59"
+ puts $conffile " default_principal_expiration = 2037.12.31.23.59.59"
puts $conffile " default_principal_flags = -postdateable forwardable"
puts $conffile " \}"
puts $conffile ""
global KEY
global tmppwd
global spawn_id
+ global des3_krbtgt
if {!$standalone && [file exists tmpdir/db.ok]} {
return 1
return 0
}
+ if $des3_krbtgt {
+ # Set the TGT key to DES3.
+ spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal
+ expect_after {
+ timeout {
+ catch "expect_after"
+ fail "kadmin.local (timeout)"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+ }
+ return 0
+ }
+ eof {
+ catch "expect_after"
+ fail "kadmin.local (eof)"
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+ }
+ return 0
+ }
+ }
+ expect "kadmin.local: "
+ send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+ # It echos...
+ expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+ expect {
+ "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { }
+ }
+ expect "kadmin.local: "
+ send "quit\r"
+ expect "\r"
+ expect_after
+ if ![check_exit_status kadmin_local] {
+ if {!$standalone} {
+ catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+ }
+ return 0
+ }
+ }
+
if ![setup_kadmind_srvtab] {
return 0
}