des3 testing. move out principal expiration time in test db by 30 years
authorKen Raeburn <raeburn@mit.edu>
Wed, 1 Sep 1999 21:06:55 +0000 (21:06 +0000)
committerKen Raeburn <raeburn@mit.edu>
Wed, 1 Sep 1999 21:06:55 +0000 (21:06 +0000)
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@11765 dc483132-0cff-0310-8789-dd5450dbe970

src/tests/dejagnu/config/ChangeLog
src/tests/dejagnu/config/default.exp

index f464d3ee2e1382298bfcb69518a4d32573088b06..4cecec79137f8d7e7250c4e98896685d3de00317 100644 (file)
@@ -1,3 +1,28 @@
+1999-08-31  Ken Raeburn  <raeburn@mit.edu>
+
+       * default.exp (setup_kerberos_files): Set kdc_supported_enctypes
+       in kdc.conf, and include des3-cbc-sha1:normal.
+       (setup_kerberos_db): If setting up krbtgt to use des3, now use
+       only des3, not des3 and des-crc both.
+
+1999-08-30  Ken Raeburn  <raeburn@raeburn.org>
+
+       * default.exp (des3_krbtgt): New variable.
+       (setup_kerberos_files): Remove des3 from supported_enctypes in
+       kdc.conf.
+       (setup_kerberos_db): If des3_krbtgt is set, change krbtgt key, and
+       get a des3 key in addition to des.
+
+1999-08-27  Ken Raeburn  <raeburn@raeburn.org>
+
+       * default.exp: Set default principal expiration a bit further into
+       the future.
+
+1999-08-26  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp (setup_kerberos_files): Tweak enctypes entered into
+       config files to exercise 3DES a little.
+
 Fri Jan 30 23:48:57 1998  Tom Yu  <tlyu@mit.edu>
 
        * default.exp: Add kpasswd_server to krb5.conf.
index c5b62619236549f412f8c06b9cff4e4195238096..6b53e35225b85046859c751e007feec1344f761f 100644 (file)
@@ -15,6 +15,8 @@ set timeout 100
 set stty_init {erase \^h kill \^u}
 set env(TERM) dumb
 
+set des3_krbtgt 1
+
 # We do everything in a temporary directory.
 if ![file isdirectory tmpdir] {catch "exec mkdir tmpdir" status}
 
@@ -309,7 +311,7 @@ proc setup_kerberos_files { } {
     set conffile [open tmpdir/krb5.conf w]
     puts $conffile "\[libdefaults\]"
     puts $conffile "   default_realm = $REALMNAME"
-    puts $conffile "default_tgs_enctypes = des3-cbc-md5 des-cbc-md5 des-cbc-crc"
+    puts $conffile "default_tgs_enctypes = des-cbc-md5 des-cbc-crc"
     puts $conffile ""
     puts $conffile "\[realms\]"
     puts $conffile "   $REALMNAME = \{"
@@ -350,9 +352,11 @@ proc setup_kerberos_files { } {
        puts $conffile "                max_renewable_life = 3:00:00"
        puts $conffile "                master_key_type = des-cbc-md5"
        puts $conffile "                master_key_name = master/key"
-       puts $conffile "                supported_enctypes = des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
+# des3-cbc-sha1:normal
+       puts $conffile "                supported_enctypes =  des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
+       puts $conffile "                kdc_supported_enctypes = des3-cbc-sha1:normal des-cbc-crc:normal des-cbc-md5:normal des-cbc-crc:v4 des-cbc-md5:norealm"
        puts $conffile "                kdc_ports = 3088"
-       puts $conffile "                default_principal_expiration = 99.12.31.23.59.59"
+       puts $conffile "                default_principal_expiration = 2037.12.31.23.59.59"
        puts $conffile "                default_principal_flags = -postdateable forwardable"
        puts $conffile "        \}"
        puts $conffile ""
@@ -579,6 +583,7 @@ proc setup_kerberos_db { standalone } {
     global KEY
     global tmppwd
     global spawn_id
+    global des3_krbtgt
 
     if {!$standalone && [file exists tmpdir/db.ok]} {
        return 1
@@ -730,6 +735,46 @@ proc setup_kerberos_db { standalone } {
        return 0
     }
 
+    if $des3_krbtgt {
+       # Set the TGT key to DES3.
+       spawn $KADMIN_LOCAL -r $REALMNAME -e des3-cbc-sha1:normal
+       expect_after {
+           timeout {
+               catch "expect_after"
+               fail "kadmin.local (timeout)"
+               if {!$standalone} {
+                   catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+               }
+               return 0
+           }
+           eof {
+               catch "expect_after"
+               fail "kadmin.local (eof)"
+               if {!$standalone} {
+                   catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+               }
+               return 0
+           }
+       }
+       expect "kadmin.local: "
+       send "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+       # It echos...
+       expect "cpw -randkey krbtgt/$REALMNAME@$REALMNAME\r"
+       expect {
+           "Key for \"krbtgt/$REALMNAME@$REALMNAME\" randomized." { }
+       }
+       expect "kadmin.local: "
+       send "quit\r"
+       expect "\r"
+       expect_after
+       if ![check_exit_status kadmin_local] {
+           if {!$standalone} {
+               catch "exec rm -f tmpdir/db.ok tmpdir/adb.db"
+           }
+           return 0
+       }
+    }
+
     if ![setup_kadmind_srvtab] {
        return 0
     }