* kadmin.exp: Added back in. Rewritten to use new admin system
authorEzra Peisach <epeisach@mit.edu>
Mon, 29 Jul 1996 15:32:46 +0000 (15:32 +0000)
committerEzra Peisach <epeisach@mit.edu>
Mon, 29 Jul 1996 15:32:46 +0000 (15:32 +0000)
Notes:
a) This only tests the old functionailty - the policy database
   testing does not exist
b) The rename test is taken out as you currently cannot rename a
   random key (deficiency in kadmind)
c) The v4 keytab extraction does not have an equivalent in this
   system and is not included.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@8859 dc483132-0cff-0310-8789-dd5450dbe970

src/tests/dejagnu/krb-standalone/ChangeLog
src/tests/dejagnu/krb-standalone/kadmin.exp [new file with mode: 0644]

index a27385294c49bb915607f5de5897e2b395432f0b..cd482dedb49b0124ebe058033f03720a08d8ca82 100644 (file)
@@ -1,3 +1,7 @@
+Mon Jul 29 11:30:24 1996  Ezra Peisach  <epeisach@kangaroo.mit.edu>
+
+       * kadmin.exp: Added back in. Rewritten to use new admin system.
+
 Tue Jul 23 23:40:05 1996  Theodore Y. Ts'o  <tytso@mit.edu>
 
        * kadmin.exp: removed, since it was for the old admin server.
diff --git a/src/tests/dejagnu/krb-standalone/kadmin.exp b/src/tests/dejagnu/krb-standalone/kadmin.exp
new file mode 100644 (file)
index 0000000..c3ffb84
--- /dev/null
@@ -0,0 +1,847 @@
+# Kerberos kadmin test.
+# This is a DejaGnu test script.
+# This script tests Kerberos kadmin5 using kdb5_edit as verification.
+
+# Set up the kerberos database.
+if {![get_hostname] \
+    || ![setup_kerberos_files] \
+    || ![setup_kerberos_env] \
+    || ![setup_kerberos_db 0]} {
+    return
+}
+
+# find kpasswd
+if ![info exists KPASSWD] {
+    set KPASSWD [findfile $objdir/../../kadmin/passwd/kpasswd]
+}
+
+# find kdestroy
+if ![info exists KDESTROY] {
+    set KDESTROY [findfile $objdir/../../clients/kdestroy/kdestroy]
+}
+
+#++
+# kadmin_add   - Test add new v5 principal function of kadmin.
+#
+# Adds principal $pname with password $password.  Returns 1 on success.
+#--
+proc kadmin_add { pname password } {
+    global REALMNAME
+    global KADMIN
+    global KDB5_EDIT
+    global KEY
+    global spawn_id
+    global tmppwd
+
+    set good 0
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank $pname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin add$pname lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin add $pname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin add $pname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+    expect "Enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+    expect "Re-enter password for principal \"$pname@$REALMNAME\":" { send "$password\r" }
+    expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin add)"
+    catch "close -i $spawn_id"
+    if { $good == 1 } {
+       #
+       # use kdb5_edit to verify that a principal was created and that its
+       # salt types are 0 (normal).
+       #
+       spawn $KDB5_EDIT -r $REALMNAME
+       expect_after {
+           -i $spawn_id
+           timeout {
+               fail "kadmin add $pname"
+               catch "expect_after"
+               return 0
+           }
+           eof {
+               fail "kadmin add $pname"
+               catch "expect_after"
+               return 0
+           }
+       }
+       set good 0
+       expect "kdb5_edit:" { send "show $pname\r" }
+       expect "Name: $pname@$REALMNAME" { set good 1 }
+
+       expect "Maximum life:" { verbose "got max life" }
+       expect "Maximum renewable life:" { verbose "got max rlife" }
+       expect "Expiration:" { verbose "got expiration" }
+       expect "Password expiration:" { verbose "got pw expiration" }
+       expect "Last successful password:" { verbose "last succ pw" }
+       expect "Last failed password attempt:" { verbose "last pw attempt" }
+       expect "Failed password attempts:" { verbose "num failed attempts" }
+       expect "Attributes:" { verbose "attributes" }
+       expect "Number of keys:" { verbose "num keys"} 
+       expect "kdb5_edit:" { send "q\r" }
+       expect_after
+       expect eof
+       set k_stat [wait -i $spawn_id]
+       verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+       catch "close -i $spawn_id"
+       if { $good == 1 } {
+           pass "kadmin add $pname"
+           return 1
+       }
+       else {
+           fail "kadmin add $pname"
+           return 0
+       }
+    }
+    else {
+       fail "kadmin add $pname"
+       return 0
+    }
+}
+
+#++
+# kadmin_add_rnd       - Test add new v5 principal with random key function.
+#
+# Adds principal $pname with random key.  Returns 1 on success.
+#--
+proc kadmin_add_rnd { pname } {
+    global REALMNAME
+    global KADMIN
+    global KDB5_EDIT
+    global KEY
+    global spawn_id
+    global tmppwd
+
+    set good 0
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "ank -randkey $pname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin add rnd $pname lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin add_rnd $pname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin add_rnd $pname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+    expect "Principal \"$pname@$REALMNAME\" created." { set good 1 }
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin add_rnt)"
+    catch "close -i $spawn_id"
+    if { $good == 1 } {
+       #
+       # use kdb5_edit to verify that a principal was created and that its
+       # salt types are 0 (normal).
+       #
+       spawn $KDB5_EDIT -r $REALMNAME
+       expect_after {
+            -i $spawn_id
+           timeout {
+               fail "kadmin add_rnd $pname"
+               catch "expect_after"
+               return 0
+           }
+           eof {
+               fail "kadmin add_rnd $pname"
+               catch "expect_after"
+               return 0
+           }
+       }
+       set good 0
+       expect "kdb5_edit:" { send "show $pname\r" }
+       expect "Name: $pname@$REALMNAME" { set good 1 }
+       expect "kdb5_edit:" { send "q\r" }
+       expect_after
+       expect eof
+       set k_stat [wait -i $spawn_id]
+       verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+       catch "close -i $spawn_id"
+       if { $good == 1 } {
+           pass "kadmin add_rnd $pname"
+           return 1
+       }
+       else {
+           fail "kadmin add_rnd $pname"
+           return 0
+       }
+    }
+    else {
+       fail "kadmin add_rnd $pname"
+       return 0
+    }
+}
+
+#++
+# kadmin_show  - Test show principal function of kadmin.
+# 
+# Retrieves entry for $pname.  Returns 1 on success.
+#--
+proc kadmin_show { pname } {
+    global REALMNAME
+    global KADMIN
+    global KEY
+    global spawn_id
+
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principal $pname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin show $pname lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin show $pname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin show $pname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:"
+    send "adminpass$KEY\r"
+    expect -re "\r.*Principal: $pname@$REALMNAME.*Key: .*Attributes:.*Policy: .*\r"
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin show)"
+    catch "close -i $spawn_id"
+    pass "kadmin show $pname"
+    return 1
+}
+
+#++
+# kadmin_cpw   - Test change password function of kadmin
+#
+# Change password of $pname to $password.  Returns 1 on success.
+#--
+proc kadmin_cpw { pname password } {
+    global REALMNAME
+    global KADMIN
+    global KEY
+    global spawn_id
+
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw $pname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin cpw $pname lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin cpw $pname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin cpw $pname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+
+    expect "Enter password for principal \"$pname\":" { send "$password\r" }
+    expect "Re-enter password for principal \"$pname\":" { send "$password\r" }
+    # When in doubt, jam one of these in there.
+    expect "\r"
+    expect "Password for \"$pname@$REALMNAME\" changed."
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin cpw)"
+    catch "close -i $spawn_id"
+    pass "kadmin cpw $pname"
+    return 1
+}
+
+#++
+# kadmin_cpw_rnd       - Test change random key function of kadmin.
+#
+# Changes principal $pname's key to a new random key.  Returns 1 on success.
+#--
+proc kadmin_cpw_rnd { pname } {
+    global REALMNAME
+    global KADMIN
+    global KEY
+    global spawn_id
+
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "cpw -randkey $pname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin cpw_rnd $pname lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin cpw_rnd $pname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin cpw_rnd $pname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+    # When in doubt, jam one of these in there.
+    expect "\r"
+    expect "Key for \"$pname@$REALMNAME\" randomized."
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin cpw_rnd)"
+    catch "close -i $spawn_id"
+    pass "kadmin cpw_rnd $pname"
+    return 1
+}
+
+#++
+# kadmin_modify        - Test modify principal function of kadmin.
+#
+# Modifies principal $pname with flags $flags.  Returns 1 on success.
+#--
+proc kadmin_modify { pname flags } {
+    global REALMNAME
+    global KADMIN
+    global KEY
+    global spawn_id
+
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "modprinc $flags $pname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin modify $pname ($flags) lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin modify $pname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin modify $pname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:"
+    send "adminpass$KEY\r"
+    expect "Principal \"$pname@$REALMNAME\" modified."
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin modify)"
+    catch "close -i $spawn_id"
+    pass "kadmin modify $pname"
+    return 1
+}
+
+#++
+# kadmin_rename        - Test rename function of kadmin.
+#
+# Rename principal $pname to $npname.  Returns 1 on success.
+#--
+proc kadmin_rename { pname npname } {
+    global REALMNAME
+    global KADMIN
+    global KDB5_EDIT
+    global KEY
+    global spawn_id
+    global tmppwd
+
+    set good 0
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "renprinc -force $pname $npname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin rename $pname $npname lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin renent $pname $npname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin renent $pname $npname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+    expect "principal $pname renamed to $npname" { set good 1 }
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin rename)"
+    catch "close -i $spawn_id"
+    if { $good == 1 } {
+       #
+       # use kdb5_edit to verify that the new principal was created and that its
+       # salt types are 0 (normal).
+       #
+       spawn $KDB5_EDIT -r $REALMNAME
+       expect_after {
+           -i $spawn_id
+           timeout {
+               fail "kadmin renent $pname $npname"
+               catch "expect_after"
+               return 0
+           }
+           eof {
+               fail "kadmin renent $pname $npname"
+               catch "expect_after"
+               return 0
+           }
+       }
+       set good 0
+       expect "kdb5_edit:" { send "show $npname\r" }
+       expect "Name: $npname@$REALMNAME" { set good 1 }
+       expect "kdb5_edit:" { send "q\r" }
+       expect_after
+       expect eof
+       set k_stat [wait -i $spawn_id]
+       verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+       catch "close -i $spawn_id"
+
+       if { $good == 1 } {
+           #
+           # use kdb5_edit to verify that the old principal is not present.
+           #
+           spawn $KDB5_EDIT -r $REALMNAME
+           expect_after {
+               timeout {
+                   fail "kadmin renent $pname $npname"
+                   catch "expect_after"
+                   return 0
+               }
+               eof {
+                   fail "kadmin renent $pname $npname"
+                   catch "expect_after"
+                   return 0
+               }
+           }
+           set good 0
+           expect "kdb5_edit:" { send "show $pname\r" }
+           expect "Principal $pname not found" { set good 1 }
+           expect "kdb5_edit:" { send "q\r" }
+           expect_after
+           expect eof
+           set k_stat [wait -i $spawn_id]
+           verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+           catch "close -i $spawn_id"
+           if { $good == 1 } {
+               pass "kadmin renent $pname $npname"
+               return 1
+           }
+           else {
+               fail "kadmin renent $pname $npname"
+               return 0
+           }
+       }
+       else {
+           fail "kadmin renent $pname $npname"
+           return 0
+       }
+    }
+    else {
+       fail "kadmin renent $pname $npname"
+       return 0
+    }
+}
+
+#++
+# kadmin_list  - Test list database function of kadmin.
+#
+# Lists the database and verifies that output matches regular expression
+# "(.*@$REALMNAME)*".  Returns 1 on success.
+#--
+proc kadmin_list {  } {
+    global REALMNAME
+    global KADMIN
+    global KEY
+    global spawn_id
+
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "get_principals *"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin ldb lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin ldb"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin ldb"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+    expect -re "\(.*@$REALMNAME\r\n\)*"
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin list)"
+    catch "close -i $spawn_id"
+    pass "kadmin ldb"
+    return 1
+}
+
+#++
+# kadmin_extract       - Test extract service key function of kadmin.
+#
+# Extracts service key for service name $name instance $instance.  Returns
+# 1 on success.
+#--
+proc kadmin_extract { instance name } {
+    global REALMNAME
+    global KADMIN
+    global KEY
+    global spawn_id
+
+    catch "exec rm -f tmpdir/keytab"
+
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst -k tmpdir/keytab $name/$instance"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin xst $instance $name lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin xst $instance $name"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin xst $instance $name"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+#    expect -re "kadmin: Entry for principal $name/$instance with kvno [0-9], encryption type .* added to keytab WRFILE:tmpdir/keytab."
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin xst)"
+    catch "close -i $spawn_id"
+    catch "exec rm -f $instance-new-srvtab"
+    pass "kadmin xst $instance $name"
+    return 1
+}
+
+#++
+# kadmin_extractv4     - Test extract service key in v4 format function of
+#                        kadmin.
+#
+# Extracts service key for service name $name instance $instance in version
+# 4 format.  Returns 1 on success.
+#--
+#proc kadmin_extractv4 { instance name } {
+#    global REALMNAME
+#    global KADMIN
+#    global KEY
+#    global spawn_id
+#
+#    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "xst4 $instance $name"
+#    expect_after {
+#      "Cannot contact any KDC" {
+#          fail "kadmin xst4 $instance $name lost KDC"
+#          catch "expect_after"
+#          return 0
+#      }
+#      timeout {
+#          fail "kadmin xst4 $instance $name"
+#          catch "expect_after"
+#          return 0
+#      }
+#      eof {
+#          fail "kadmin xst4 $instance $name"
+#          catch "expect_after"
+#          return 0
+#      }
+#    }
+#    expect "Enter password:" {
+#      send "adminpass$KEY\r"
+#    }
+#    expect "extracted entry $name to key table $instance-new-v4-srvtab"
+#    expect_after
+#    expect eof
+#    set k_stat [wait -i $spawn_id]
+#    verbose "wait -i $spawn_id returned $k_stat (kadmin xst4)"
+#    catch "close -i $spawn_id"
+#    catch "exec rm -f $instance-new-v4-srvtab"
+#    pass "kadmin xst4 $instance $name"
+#    return 1
+#}
+
+#++
+# kadmin_delete        - Test delete principal function of kadmin.
+#
+# Deletes principal $pname.  Returns 1 on success.
+#--
+proc kadmin_delete { pname } {
+    global REALMNAME
+    global KADMIN
+    global KDB5_EDIT
+    global KEY
+    global spawn_id
+    global tmppwd
+
+    set good 0
+    spawn $KADMIN -p krbtest/admin@$REALMNAME -q "delprinc -force $pname"
+    expect_after {
+       "Cannot contact any KDC" {
+           fail "kadmin_delete $pname lost KDC"
+           catch "expect_after"
+           return 0
+       }
+       timeout {
+           fail "kadmin delprinc $pname"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kadmin delprinc $pname"
+           catch "expect_after"
+           return 0
+       }
+    }
+    expect "Enter password:" {
+       send "adminpass$KEY\r"
+    }
+    expect "Principal \"$pname@$REALMNAME\" deleted." { set good 1 }
+    expect_after
+    expect eof
+    set k_stat [wait -i $spawn_id]
+    verbose "wait -i $spawn_id returned $k_stat (kadmin delprinc)"
+    catch "close -i $spawn_id"
+    if { $good == 1 } {
+       #
+       # use kdb5_edit to verify that the old principal is not present.
+       #
+       spawn $KDB5_EDIT -r $REALMNAME
+       expect_after {
+           -i $spawn_id
+           timeout {
+               fail "kadmin delprinc $pname"
+               catch "expect_after"
+               return 0
+           }
+           eof {
+               fail "kadmin delprinc $pname"
+               catch "expect_after"
+               return 0
+           }
+       }
+       set good 0
+       expect "kdb5_edit:" { send "show $pname\r" }
+       expect "Principal $pname not found" { set good 1 }
+       expect "kdb5_edit:" { send "q\r" }
+       expect_after
+       expect eof
+       set k_stat [wait -i $spawn_id]
+       verbose "wait -i $spawn_id returned $k_stat (kdb5_edit show)"
+       catch "close -i $spawn_id"
+       if { $good == 1 } {
+           pass "kadmin delprinc $pname"
+           return 1
+       }
+       else {
+           fail "kadmin delprinc $pname"
+           return 0
+       }
+    }
+    else {
+       fail "kadmin delprinc $pname"
+       return 0
+    }
+}
+
+#++
+# kpasswd_cpw  - Test password changing using kpasswd.
+#
+# Change $princ's password from $opw to $npw.  Returns 1 on success.
+#--
+proc kpasswd_cpw { princ opw npw } {
+    global KPASSWD
+
+    spawn $KPASSWD $princ
+    expect_after {
+       timeout {
+           fail "kpasswd $princ $npw"
+           catch "expect_after"
+           return 0
+       }
+       eof {
+           fail "kpasswd $princ $npw"
+           catch "expect_after"
+           return 0
+       }
+    }
+
+    expect "Changing password for $princ."
+    expect "Old password:" { send "$opw\r" }
+    expect "New password:" { send "$npw\r" }
+    expect "New password (again):" { send "$npw\r" }
+    expect "\r"
+    expect "Kerberos password changed."
+    expect_after
+    expect eof
+
+    if ![check_exit_status "kpasswd"] {
+       fail "kpasswd $princ $npw"
+       return 0
+    }
+    pass "kpasswd $princ $npw"
+    return 1
+}
+
+#++
+# kdestroy
+#--
+proc kdestroy { } {
+    global KDESTROY
+
+    spawn $KDESTROY
+    if ![check_exit_status "kdestroy"] {
+       return 0
+    }
+    return 1
+}
+
+# Wrap the tests in a procedure, so that we can kill the daemons if
+# we get some sort of error.
+
+proc kadmin_test { } {
+
+    # Start up the kerberos and kadmind daemons
+    if {![start_kerberos_daemons 0] } {
+       return
+    }
+
+    # Test basic kadmin functions.
+    if {![kadmin_add v5principal/instance1 v5principal] \
+       || ![kadmin_add v4principal/instance2 v4principal] \
+       || ![kadmin_add_rnd v5random] \
+       || ![kadmin_show v5principal/instance1] \
+       || ![kadmin_show v4principal/instance2] \
+       || ![kadmin_show v5random] \
+       || ![kadmin_cpw v5principal/instance1 faroutman] \
+       || ![kadmin_cpw v4principal/instance2 honkydory] \
+       || ![kadmin_cpw_rnd v5random] \
+       || ![kadmin_modify v5random -allow_tix] \
+       || ![kadmin_modify v5random +allow_tix] \
+       || ![kadmin_list] \
+       || ![kadmin_extract instance1 v5principal] \
+       || ![kadmin_delete v5random] \
+       || ![kadmin_delete v4principal/instance2] \
+       || ![kadmin_delete v5principal/instance1]} {
+       return
+    }
+
+# These tests were removed as you currently cannot rename a random key 
+# This is a bug....
+#      || ![kadmin_rename v5random randomkey] \
+#      || ![kadmin_show randomkey] \
+#      || ![kadmin_delete randomkey] \
+# You cannot extract a v4 key...
+#      || ![kadmin_extractv4 instance2 v4principal] \
+
+    # now test kpasswd
+    if {![kadmin_add testprinc/instance thisisatest] \
+           || ![kpasswd_cpw testprinc/instance thisisatest anothertest] \
+           || ![kpasswd_cpw testprinc/instance anothertest goredsox] \
+           || ![kadmin_delete testprinc/instance]} {
+       return
+    }
+
+    # now test that we can kinit with principals/passwords.
+    if {![kadmin_add testprinc1/instance thisisatest] \
+           || ![kinit testprinc1/instance thisisatest 0] \
+           || ![kdestroy] \
+           || ![kpasswd_cpw testprinc1/instance thisisatest anothertest] \
+           || ![kinit testprinc1/instance anothertest 0] \
+           || ![kdestroy] \
+           || ![kpasswd_cpw testprinc1/instance anothertest goredsox] \
+           || ![kinit testprinc1/instance goredsox 0] \
+           || ![kdestroy] \
+           || ![kadmin_cpw testprinc1/instance betterwork] \
+           || ![kinit testprinc1/instance betterwork 0] \
+           || ![kdestroy] \
+           || ![kadmin_delete testprinc1/instance]} {
+       return
+    }
+    # now test modify changes.
+    if {![kadmin_add testuser longtestpw] \
+            || ![kinit testuser longtestpw 0] \
+           || ![kdestroy] \
+           || ![kadmin_modify testuser "-maxlife 2500"] \
+           || ![kinit testuser longtestpw 0] \
+           || ![kdestroy] \
+           || ![kadmin_delete testuser]} {
+       return
+    }
+
+    verbose "kadmin_test succeeded"
+}
+
+# Run the test.
+set status [catch kadmin_test msg]
+
+# Shut down the kerberos daemons and the rsh daemon.
+stop_kerberos_daemons
+
+if { $status != 0 } {
+    send_error "ERROR: error in kadmin.exp\n"
+    send_error "$msg\n"
+    exit 1
+}