* default.exp: Mark as unused the test passes that won't

	accomplish anything due to disabling of SUPPORT_DESMD5 in the
	code.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13869 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog
index b22a999a84ecdc5933af82ead2b78778af92d8ad..728b8f3d6067c5cf0a94f6b197b5e09b630782a1 100644 (file)
--- a/src/tests/dejagnu/config/ChangeLog
+++ b/src/tests/dejagnu/config/ChangeLog
@@ -1,3 +1,9 @@
+2001-10-27  Tom Yu  <tlyu@mit.edu>
+
+       * default.exp: Mark as unused the test passes that won't
+       accomplish anything due to disabling of SUPPORT_DESMD5 in the
+       code.
+
 2001-10-24  Tom Yu  <tlyu@mit.edu>
 
        * default.exp: Add support for setting SUPPORT_DESMD5 flag on the

diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp
index bae972be20c29fe7b5e5fffff2dec76fc487fb48..9c26424964e243bacfc3ddbfe215e5779d7c9032 100644 (file)
--- a/src/tests/dejagnu/config/default.exp
+++ b/src/tests/dejagnu/config/default.exp
@@ -28,23 +28,20 @@ set kdc_supported_enctypes "des-cbc-crc:normal"
 # dependency of various bugs on configuration file settings,
 # particularly with regards to encryption types.
 
-# The des.md5-tgt pass will fail if enctype similarity is inconsisent;
-# between 1.0.x and 1.1, the decrypt functions became more strict
-# about matching enctypes, while the KDB retrieval functions didn't
-# coerce the enctype to match what was requested.  It works by setting
-# SUPPORT_DESMD5 on the TGT principal, forcing an enctype of
-# des-cbc-md5 on the TGT key.  Since the database only contains a
-# des-cbc-crc key, the decrypt will fail if enctypes are not coerced.
-
 # The des.no-kdc-md5 pass will fail if the KDC does not constrain
 # session key enctypes to those in its permitted_enctypes list.  It
 # works by assuming enctype similarity, thus allowing the client to
 # request a des-cbc-md4 session key.  Since only des-cbc-crc is in the
 # KDC's permitted_enctypes list, the TGT will be unusable.
 
+# The des.des3-tgt.no-kdc-des3 pass will fail if the KDC doesn't
+# constrain ticket key enctypes to those in permitted_enctypes.  It
+# does this by not putting des3 in the permitted_enctypes, while
+# creating a TGT princpal that has a des3 key as well as a des key.
+
 # XXX -- master_key_type is fragile w.r.t. permitted_enctypes; it is
 # possible to configure things such that you have a master_key_type
-# that is not permitted, and the error message is cryptic.
+# that is not permitted, and the error message used to be cryptic.
 
 set passes {
     {
@@ -79,16 +76,6 @@ set passes {
                des-cbc-md4:normal}
        {dummy=[verbose -log "DES3 TGT, many DES3 + DES enctypes"]}
     }
-    {
-       des.md5-tgt
-       des3_krbtgt=0
-       tgt_support_desmd5=1
-       supported_enctypes=des-cbc-crc:normal
-       kdc_supported_enctypes=des-cbc-crc:normal
-       {permitted_enctypes(kdc)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
-       {permitted_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
-       {dummy=[verbose -log "DES TGT, SUPPORTS_DESMD5"]}
-    }
     {
        des.no-kdc-md5
        des3_krbtgt=0
@@ -102,19 +89,6 @@ set passes {
        {dummy=[verbose -log \
                "DES TGT, KDC permitting only des-cbc-crc"]}
     }
-    {
-       des.md5-tgt.no-kdc-md5
-       des3_krbtgt=0
-       tgt_support_desmd5=1
-       {permitted_enctypes(kdc)=des-cbc-crc}
-       {default_tgs_enctypes(client)=des-cbc-crc}
-       {default_tkt_enctypes(client)=des-cbc-crc}
-       {supported_enctypes=des-cbc-crc:normal}
-       {kdc_supported_enctypes=des-cbc-crc:normal}
-       {master_key_type=des-cbc-crc}
-       {dummy=[verbose -log \
-               "DES TGT, SUPPORTS_DESMD5, KDC permitting only des-cbc-crc"]}
-    }
     {
        des.des3-tgt.no-kdc-des3
        tgt_support_desmd5=0
@@ -129,6 +103,22 @@ set passes {
     }
 }
 
+# des.md5-tgt is set as unused, since it won't trigger the error case
+# if SUPPORT_DESMD5 isn't honored.
+
+# The des.md5-tgt pass will fail if enctype similarity is inconsisent;
+# between 1.0.x and 1.1, the decrypt functions became more strict
+# about matching enctypes, while the KDB retrieval functions didn't
+# coerce the enctype to match what was requested.  It works by setting
+# SUPPORT_DESMD5 on the TGT principal, forcing an enctype of
+# des-cbc-md5 on the TGT key.  Since the database only contains a
+# des-cbc-crc key, the decrypt will fail if enctypes are not coerced.
+
+# des.no-kdc-md5.client-md4-skey is retained in unsed_passes, even
+# though des.no-kdc-md5 is roughly equivalent, since the associated
+# comment needs additional investigation at some point re the kadmin
+# client.
+
 # The des.no-kdc-md5.client-md4-skey will fail on TGS requests due to
 # the KDC issuing session keys that it won't accept.  It will also
 # fail for a kadmin client, but for different reasons, since the kadm5
@@ -138,6 +128,29 @@ set passes {
 # in the config file!
 
 set unused_passes {
+    {
+       des.md5-tgt
+       des3_krbtgt=0
+       tgt_support_desmd5=1
+       supported_enctypes=des-cbc-crc:normal
+       kdc_supported_enctypes=des-cbc-crc:normal
+       {permitted_enctypes(kdc)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+       {permitted_enctypes(client)=des-cbc-md5 des-cbc-md4 des-cbc-crc}
+       {dummy=[verbose -log "DES TGT, SUPPORTS_DESMD5"]}
+    }
+    {
+       des.md5-tgt.no-kdc-md5
+       des3_krbtgt=0
+       tgt_support_desmd5=1
+       {permitted_enctypes(kdc)=des-cbc-crc}
+       {default_tgs_enctypes(client)=des-cbc-crc}
+       {default_tkt_enctypes(client)=des-cbc-crc}
+       {supported_enctypes=des-cbc-crc:normal}
+       {kdc_supported_enctypes=des-cbc-crc:normal}
+       {master_key_type=des-cbc-crc}
+       {dummy=[verbose -log \
+               "DES TGT, SUPPORTS_DESMD5, KDC permitting only des-cbc-crc"]}
+    }
     {
        des.no-kdc-md5.client-md4-skey
        des3_krbtgt=0