--- /dev/null
+# Kerberos kadmin test.
+# This is a DejaGnu test script.
+# This script tests Kerberos kadmin5 using kdb5_edit as verification.
+
+# Set up the kerberos database.
+if {![get_hostname] \
+ || ![setup_kerberos_files] \
+ || ![setup_kerberos_env] \
+ || ![setup_kerberos_db 0]} {
+ return
+}
+
+# find kpasswd
+if ![info exists KPASSWD] {
+ set KPASSWD [findfile $objdir/../../kadmin/passwd/kpasswd]
+}
+
+# find kdestroy
+if ![info exists KDESTROY] {
+ set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
+}
+
+#++
+# kadmin_add - Test add new v5 principal function of kadmin.
+#
+# Adds principal $pname with password $password. Returns 1 on success.
+#--
+proc kadmin_add { pname password } {
+ global REALMNAME
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+
+ set good 0
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin add$pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+ expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+ expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+ expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin add)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that a principal was created and that its
+ # salt types are 0 (normal).
+ #
+ spawn $KDB5_EDIT -r $REALMNAME
+ expect_after {
+ -i $spawn_id
+ timeout {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect "Name: $pname@$REALMNAME" { set good 1 }
+
+ expect "Maximum life:" { verbose "got max life" }
+ expect "Maximum renewable life:" { verbose "got max rlife" }
+ expect "Expiration:" { verbose "got expiration" }
+ expect "Password expiration:" { verbose "got pw expiration" }
+ expect "Last successful password:" { verbose "last succ pw" }
+ expect "Last failed password attempt:" { verbose "last pw attempt" }
+ expect "Failed password attempts:" { verbose "num failed attempts" }
+ expect "Attributes:" { verbose "attributes" }
+ expect "Number of keys:" { verbose "num keys"}
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin add $pname"
+ return 1
+ }
+ else {
+ fail "kadmin add $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin add $pname"
+ return 0
+ }
+}
+
+#++
+# kadmin_add_rnd - Test add new v5 principal with random key function.
+#
+# Adds principal $pname with random key. Returns 1 on success.
+#--
+proc kadmin_add_rnd { pname } {
+ global REALMNAME
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+
+ set good 0
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank -randkey $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin add rnd $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+ expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnt)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that a principal was created and that its
+ # salt types are 0 (normal).
+ #
+ spawn $KDB5_EDIT -r $REALMNAME
+ expect_after {
+ -i $spawn_id
+ timeout {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin add_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect "Name: $pname@$REALMNAME" { set good 1 }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin add_rnd $pname"
+ return 1
+ }
+ else {
+ fail "kadmin add_rnd $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin add_rnd $pname"
+ return 0
+ }
+}
+
+#++
+# kadmin_show - Test show principal function of kadmin.
+#
+# Retrieves entry for $pname. Returns 1 on success.
+#--
+proc kadmin_show { pname } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principal $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin show $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin show $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin show $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:"
+ send "adminpass$KEY\r"
+ expect -re "\r.*Principal: $pname@$REALMNAME.*Key: .*Attributes:.*Policy: .*\r"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin show)"
+ catch "close -i $spawn_id"
+ pass "kadmin show $pname"
+ return 1
+}
+
+#++
+# kadmin_cpw - Test change password function of kadmin
+#
+# Change password of $pname to $password. Returns 1 on success.
+#--
+proc kadmin_cpw { pname password } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin cpw $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin cpw $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin cpw $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+
+ expect "Enter password for principal \"$pname\":" { send "$password\r" }
+ expect "Re-enter password for principal \"$pname\":" { send "$password\r" }
+ # When in doubt, jam one of these in there.
+ expect "\r"
+ expect "Password for \"$pname@$REALMNAME\" changed."
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)"
+ catch "close -i $spawn_id"
+ pass "kadmin cpw $pname"
+ return 1
+}
+
+#++
+# kadmin_cpw_rnd - Test change random key function of kadmin.
+#
+# Changes principal $pname's key to a new random key. Returns 1 on success.
+#--
+proc kadmin_cpw_rnd { pname } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw -randkey $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin cpw_rnd $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin cpw_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin cpw_rnd $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+ # When in doubt, jam one of these in there.
+ expect "\r"
+ expect "Key for \"$pname@$REALMNAME\" randomized."
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)"
+ catch "close -i $spawn_id"
+ pass "kadmin cpw_rnd $pname"
+ return 1
+}
+
+#++
+# kadmin_modify - Test modify principal function of kadmin.
+#
+# Modifies principal $pname with flags $flags. Returns 1 on success.
+#--
+proc kadmin_modify { pname flags } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "modprinc $flags $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin modify $pname ($flags) lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin modify $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin modify $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:"
+ send "adminpass$KEY\r"
+ expect "Principal \"$pname@$REALMNAME\" modified."
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin modify)"
+ catch "close -i $spawn_id"
+ pass "kadmin modify $pname"
+ return 1
+}
+
+#++
+# kadmin_rename - Test rename function of kadmin.
+#
+# Rename principal $pname to $npname. Returns 1 on success.
+#--
+proc kadmin_rename { pname npname } {
+ global REALMNAME
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+
+ set good 0
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "renprinc -force $pname $npname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin rename $pname $npname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+ expect "principal $pname renamed to $npname" { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin rename)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that the new principal was created and that its
+ # salt types are 0 (normal).
+ #
+ spawn $KDB5_EDIT -r $REALMNAME
+ expect_after {
+ -i $spawn_id
+ timeout {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "kdb5_edit:" { send "show $npname\r" }
+ expect "Name: $npname@$REALMNAME" { set good 1 }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that the old principal is not present.
+ #
+ spawn $KDB5_EDIT -r $REALMNAME
+ expect_after {
+ timeout {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin renent $pname $npname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect "Principal $pname not found" { set good 1 }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin renent $pname $npname"
+ return 1
+ }
+ else {
+ fail "kadmin renent $pname $npname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin renent $pname $npname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin renent $pname $npname"
+ return 0
+ }
+}
+
+#++
+# kadmin_list - Test list database function of kadmin.
+#
+# Lists the database and verifies that output matches regular expression
+# "(.*@$REALMNAME)*". Returns 1 on success.
+#--
+proc kadmin_list { } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principals *"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin ldb lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin ldb"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin ldb"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+ expect -re "\(.*@$REALMNAME\r\n\)*"
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin list)"
+ catch "close -i $spawn_id"
+ pass "kadmin ldb"
+ return 1
+}
+
+#++
+# kadmin_extract - Test extract service key function of kadmin.
+#
+# Extracts service key for service name $name instance $instance. Returns
+# 1 on success.
+#--
+proc kadmin_extract { instance name } {
+ global REALMNAME
+ global KADMIN
+ global KEY
+ global spawn_id
+
+ catch "exec rm -f tmpdir/keytab"
+
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst -k tmpdir/keytab $name/$instance"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin xst $instance $name lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin xst $instance $name"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin xst $instance $name"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+# expect -re "kadmin: Entry for principal $name/$instance with kvno [0-9], encryption type .* added to keytab WRFILE:tmpdir/keytab."
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin xst)"
+ catch "close -i $spawn_id"
+ catch "exec rm -f $instance-new-srvtab"
+ pass "kadmin xst $instance $name"
+ return 1
+}
+
+#++
+# kadmin_extractv4 - Test extract service key in v4 format function of
+# kadmin.
+#
+# Extracts service key for service name $name instance $instance in version
+# 4 format. Returns 1 on success.
+#--
+#proc kadmin_extractv4 { instance name } {
+# global REALMNAME
+# global KADMIN
+# global KEY
+# global spawn_id
+#
+# spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst4 $instance $name"
+# expect_after {
+# "Cannot contact any KDC" {
+# fail "kadmin xst4 $instance $name lost KDC"
+# catch "expect_after"
+# return 0
+# }
+# timeout {
+# fail "kadmin xst4 $instance $name"
+# catch "expect_after"
+# return 0
+# }
+# eof {
+# fail "kadmin xst4 $instance $name"
+# catch "expect_after"
+# return 0
+# }
+# }
+# expect "Enter password:" {
+# send "adminpass$KEY\r"
+# }
+# expect "extracted entry $name to key table $instance-new-v4-srvtab"
+# expect_after
+# expect eof
+# set k_stat [wait -i $spawn_id]
+# verbose "wait -i $spawn_id returned $k_stat (kadmin xst4)"
+# catch "close -i $spawn_id"
+# catch "exec rm -f $instance-new-v4-srvtab"
+# pass "kadmin xst4 $instance $name"
+# return 1
+#}
+
+#++
+# kadmin_delete - Test delete principal function of kadmin.
+#
+# Deletes principal $pname. Returns 1 on success.
+#--
+proc kadmin_delete { pname } {
+ global REALMNAME
+ global KADMIN
+ global KDB5_EDIT
+ global KEY
+ global spawn_id
+ global tmppwd
+
+ set good 0
+ spawn $KADMIN -p krbtest/admin@$REALMNAME -q "delprinc -force $pname"
+ expect_after {
+ "Cannot contact any KDC" {
+ fail "kadmin_delete $pname lost KDC"
+ catch "expect_after"
+ return 0
+ }
+ timeout {
+ fail "kadmin delprinc $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin delprinc $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ expect "Enter password:" {
+ send "adminpass$KEY\r"
+ }
+ expect "Principal \"$pname@$REALMNAME\" deleted." { set good 1 }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kadmin delprinc)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ #
+ # use kdb5_edit to verify that the old principal is not present.
+ #
+ spawn $KDB5_EDIT -r $REALMNAME
+ expect_after {
+ -i $spawn_id
+ timeout {
+ fail "kadmin delprinc $pname"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kadmin delprinc $pname"
+ catch "expect_after"
+ return 0
+ }
+ }
+ set good 0
+ expect "kdb5_edit:" { send "show $pname\r" }
+ expect "Principal $pname not found" { set good 1 }
+ expect "kdb5_edit:" { send "q\r" }
+ expect_after
+ expect eof
+ set k_stat [wait -i $spawn_id]
+ verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+ catch "close -i $spawn_id"
+ if { $good == 1 } {
+ pass "kadmin delprinc $pname"
+ return 1
+ }
+ else {
+ fail "kadmin delprinc $pname"
+ return 0
+ }
+ }
+ else {
+ fail "kadmin delprinc $pname"
+ return 0
+ }
+}
+
+#++
+# kpasswd_cpw - Test password changing using kpasswd.
+#
+# Change $princ's password from $opw to $npw. Returns 1 on success.
+#--
+proc kpasswd_cpw { princ opw npw } {
+ global KPASSWD
+
+ spawn $KPASSWD $princ
+ expect_after {
+ timeout {
+ fail "kpasswd $princ $npw"
+ catch "expect_after"
+ return 0
+ }
+ eof {
+ fail "kpasswd $princ $npw"
+ catch "expect_after"
+ return 0
+ }
+ }
+
+ expect "Changing password for $princ."
+ expect "Old password:" { send "$opw\r" }
+ expect "New password:" { send "$npw\r" }
+ expect "New password (again):" { send "$npw\r" }
+ expect "\r"
+ expect "Kerberos password changed."
+ expect_after
+ expect eof
+
+ if ![check_exit_status "kpasswd"] {
+ fail "kpasswd $princ $npw"
+ return 0
+ }
+ pass "kpasswd $princ $npw"
+ return 1
+}
+
+#++
+# kdestroy
+#--
+proc kdestroy { } {
+ global KDESTROY
+
+ spawn $KDESTROY
+ if ![check_exit_status "kdestroy"] {
+ return 0
+ }
+ return 1
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc kadmin_test { } {
+
+ # Start up the kerberos and kadmind daemons
+ if {![start_kerberos_daemons 0] } {
+ return
+ }
+
+ # Test basic kadmin functions.
+ if {![kadmin_add v5principal/instance1 v5principal] \
+ || ![kadmin_add v4principal/instance2 v4principal] \
+ || ![kadmin_add_rnd v5random] \
+ || ![kadmin_show v5principal/instance1] \
+ || ![kadmin_show v4principal/instance2] \
+ || ![kadmin_show v5random] \
+ || ![kadmin_cpw v5principal/instance1 faroutman] \
+ || ![kadmin_cpw v4principal/instance2 honkydory] \
+ || ![kadmin_cpw_rnd v5random] \
+ || ![kadmin_modify v5random -allow_tix] \
+ || ![kadmin_modify v5random +allow_tix] \
+ || ![kadmin_list] \
+ || ![kadmin_extract instance1 v5principal] \
+ || ![kadmin_delete v5random] \
+ || ![kadmin_delete v4principal/instance2] \
+ || ![kadmin_delete v5principal/instance1]} {
+ return
+ }
+
+# These tests were removed as you currently cannot rename a random key
+# This is a bug....
+# || ![kadmin_rename v5random randomkey] \
+# || ![kadmin_show randomkey] \
+# || ![kadmin_delete randomkey] \
+# You cannot extract a v4 key...
+# || ![kadmin_extractv4 instance2 v4principal] \
+
+ # now test kpasswd
+ if {![kadmin_add testprinc/instance thisisatest] \
+ || ![kpasswd_cpw testprinc/instance thisisatest anothertest] \
+ || ![kpasswd_cpw testprinc/instance anothertest goredsox] \
+ || ![kadmin_delete testprinc/instance]} {
+ return
+ }
+
+ # now test that we can kinit with principals/passwords.
+ if {![kadmin_add testprinc1/instance thisisatest] \
+ || ![kinit testprinc1/instance thisisatest 0] \
+ || ![kdestroy] \
+ || ![kpasswd_cpw testprinc1/instance thisisatest anothertest] \
+ || ![kinit testprinc1/instance anothertest 0] \
+ || ![kdestroy] \
+ || ![kpasswd_cpw testprinc1/instance anothertest goredsox] \
+ || ![kinit testprinc1/instance goredsox 0] \
+ || ![kdestroy] \
+ || ![kadmin_cpw testprinc1/instance betterwork] \
+ || ![kinit testprinc1/instance betterwork 0] \
+ || ![kdestroy] \
+ || ![kadmin_delete testprinc1/instance]} {
+ return
+ }
+ # now test modify changes.
+ if {![kadmin_add testuser longtestpw] \
+ || ![kinit testuser longtestpw 0] \
+ || ![kdestroy] \
+ || ![kadmin_modify testuser "-maxlife 2500"] \
+ || ![kinit testuser longtestpw 0] \
+ || ![kdestroy] \
+ || ![kadmin_delete testuser]} {
+ return
+ }
+
+ verbose "kadmin_test succeeded"
+}
+
+# Run the test.
+set status [catch kadmin_test msg]
+
+# Shut down the kerberos daemons and the rsh daemon.
+stop_kerberos_daemons
+
+if { $status != 0 } {
+ send_error "ERROR: error in kadmin.exp\n"
+ send_error "$msg\n"
+ exit 1
+}