#!/usr/bin/python
from k5test import *
-realm = K5Realm(start_kadmind=False, create_host=False)
+realm = K5Realm(create_host=False)
output = realm.run_as_client([kvno, 'krbtgt/'], expected_code=1)
if 'not found in Kerberos database' not in output:
fail('TGT lookup for empty realm failed in unexpected way')
#!/usr/bin/python
from k5test import *
-realm = K5Realm(start_kdc=False, start_kadmind=False, create_host=False)
+realm = K5Realm(start_kdc=False, create_host=False)
realm.start_kdc(['-w', '3'])
realm.kinit(realm.user_princ, password('user'))
realm.klist(realm.user_princ)
#!/usr/bin/python
from k5test import *
-realm = K5Realm(create_host=False, start_kadmind=False)
+realm = K5Realm(create_host=False)
realm.addprinc('alice', password('alice'))
realm.addprinc('bob', password('bob'))
from k5test import *
# Create a bare-bones KDC.
-realm = K5Realm(create_user=False, create_host=False, start_kadmind=False)
+realm = K5Realm(create_user=False, create_host=False)
# Create principals with various password expirations.
realm.run_kadminl('addprinc -pw pass noexpire')
from k5test import *
-realm = K5Realm(start_kadmind=False)
+realm = K5Realm()
# Verify the default.
realm.run_as_server(['./t_vfy_increds'])
# Try with verify_ap_req_nofail set and no keytab. This should fail.
realm.stop()
conf = { 'server' : { 'libdefaults' : { 'verify_ap_req_nofail' : 'true' } } }
-realm = K5Realm(start_kadmind=False, krb5_conf=conf)
+realm = K5Realm(krb5_conf=conf)
os.remove(realm.keytab)
realm.run_as_server(['./t_vfy_increds'], expected_code=1)
from k5test import *
# Create two independent realms (no cross-realm TGTs).
-r1 = K5Realm(start_kadmind=False, create_user=False)
-r2 = K5Realm(start_kadmind=False, create_user=False, realm='KRBTEST2.COM',
- testdir=os.path.join(r1.testdir, 'r2'), portbase=62000)
+r1 = K5Realm(create_user=False)
+r2 = K5Realm(create_user=False, realm='KRBTEST2.COM', portbase=62000,
+ testdir=os.path.join(r1.testdir, 'r2'))
# gsserver specifies the target as a GSS name. The resulting
# principal will have the host-based type, but the realm won't be
### Test acceptor name behavior.
-realm = K5Realm(start_kadmind=False)
+realm = K5Realm()
# Create some host-based principals and put most of them into the
# keytab. Rename one principal so that the keytab name matches the
# and the principal for the mismatching hostname in the keytab.
ignore_conf = { 'all' : { 'libdefaults' : {
'ignore_acceptor_hostname' : 'true' } } }
-realm = K5Realm(krb5_conf=ignore_conf, start_kadmind=False)
+realm = K5Realm(krb5_conf=ignore_conf)
realm.run_kadminl('addprinc -randkey host/-nomatch-')
realm.run_kadminl('xst host/-nomatch-')
output = realm.run_as_client(['./t_accname', 'host/-nomatch-',
#!/usr/bin/python
from k5test import *
-realm = K5Realm(start_kadmind=False, create_host=False, get_creds=False)
+realm = K5Realm(create_host=False, get_creds=False)
usercache = 'FILE:' + os.path.join(realm.testdir, 'usercache')
storagecache = 'FILE:' + os.path.join(realm.testdir, 'save')
#!/usr/bin/python
from k5test import *
-realm = K5Realm(start_kadmind=False, create_user=False, create_host=False)
+realm = K5Realm(create_user=False, create_host=False)
# Make a directory collection and use it for client commands in both realms.
ccdir = os.path.join(realm.testdir, 'cc')
# Basic two-realm test with cross TGTs in both directions.
-r1, r2 = cross_realms(2, start_kadmind=False)
+r1, r2 = cross_realms(2)
test_kvno(r1, r2.host_princ, 'basic r1->r2')
test_kvno(r2, r1.host_princ, 'basic r2->r1')
stop(r1, r2)
# instead. The client will use that to get a TGT for B.X.
r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
args=({'realm': 'A.X'}, {'realm': 'X'},
- {'realm': 'B.X'}),
- start_kadmind=False)
+ {'realm': 'B.X'}))
test_kvno(r1, r3.host_princ, 'KDC domain walk')
stop(r1, r2, r3)
{'realm': 'C',
'krb5_conf': {'master': capaths}},
{'realm': 'D',
- 'krb5_conf': {'master': capaths}}),
- start_kadmind=False)
+ 'krb5_conf': {'master': capaths}}))
test_kvno(r1, r4.host_princ, 'client capaths')
stop(r1, r2, r3, r4)
args=({'realm': 'A', 'krb5_conf': conf},
{'realm': 'B', 'krb5_conf': conf},
{'realm': 'C', 'krb5_conf': conf},
- {'realm': 'D', 'krb5_conf': conf}),
- start_kadmind=False)
+ {'realm': 'D', 'krb5_conf': conf}))
test_kvno(r1, r4.host_princ, 'KDC capaths')
stop(r1, r2, r3, r4)
r1, r2, r3 = cross_realms(3, xtgts=((0,1), (1,2)),
args=({'realm': 'A',
'krb5_conf': {'client': capaths}},
- {'realm': 'B'}, {'realm': 'C'}),
- start_kadmind=False)
+ {'realm': 'B'}, {'realm': 'C'}))
output = r1.run_as_client([kvno, r3.host_princ], expected_code=1)
if 'KDC policy rejects request' not in output:
fail('transited 1: Expected error message not in output')
args=({'realm': 'A', 'krb5_conf': conf},
{'realm': 'B', 'krb5_conf': conf},
{'realm': 'C', 'krb5_conf': conf},
- {'realm': 'D'}),
- start_kadmind=False)
+ {'realm': 'D'}))
output = r1.run_as_client([kvno, r4.host_princ], expected_code=1)
if 'Illegal cross-realm ticket' not in output:
fail('transited 2: Expected error message not in output')
#!/usr/bin/python
from k5test import *
-for realm in multipass_realms(create_host=False, start_kadmind=False):
+for realm in multipass_realms(create_host=False):
# Check that kinit fails appropriately with the wrong password.
output = realm.run_as_client([kinit, realm.user_princ], input='wrong\n',
expected_code=1)
# Test kinit against kdb keytab
realm.run_as_master([kinit, "-k", "-t", "KDB:", realm.user_princ])
-realm = K5Realm(create_host=False, start_kadmind=False)
+realm = K5Realm(create_host=False)
# Create a policy and see if it survives a dump/load.
realm.run_kadminl('addpol fred')
# TGT with the old key, and the second kvno invocation sends it to
# r2's KDC with no kvno to identify it, forcing the KDC to try
# multiple keys.
-r1, r2 = cross_realms(2, start_kadmind=False)
+r1, r2 = cross_realms(2)
r1.run_kadminl('modprinc -kvno 0 krbtgt/%s' % r2.realm)
r1.run_as_client([kvno, r2.host_princ])
r2.run_kadminl('cpw -pw newcross -keepold krbtgt/%s@%s' % (r2.realm, r1.realm))
#!/usr/bin/python
from k5test import *
-realm = K5Realm(start_kadmind=False)
+realm = K5Realm()
# Test kinit with a keytab.
realm.kinit(realm.host_princ, flags=['-k'])
#!/usr/bin/python
from k5test import *
-realm = K5Realm(create_host=False, start_kadmind=False)
+realm = K5Realm(create_host=False)
realm.run_kadminl('addpol -maxfailure 2 -failurecountinterval 5m lockout')
realm.run_kadminl('modprinc +requires_preauth -policy lockout user')
# Regression test for issue #7099: databases created prior to krb5 1.3 have
# multiple history keys, and kadmin prior to 1.7 didn't necessarily use the
# first one to create history entries.
-realm = K5Realm(start_kadmind=False, start_kdc=False)
+realm = K5Realm(start_kdc=False)
# Create a history principal with two keys.
realm.run_as_master(['./hist', 'make'])
realm.run_kadminl('addpol -history 2 pol')
#!/usr/bin/python
from k5test import *
-realm = K5Realm(create_host=False, start_kadmind=False, get_creds=False)
+realm = K5Realm(create_host=False, get_creds=False)
# Configure the realm to allow renewable tickets and acquire some.
realm.run_kadminl('modprinc -maxrenewlife "2 days" user')
enctype = "aes128-cts"
-realm = K5Realm(create_host=False, create_user=False, start_kadmind=False)
+realm = K5Realm(create_host=False, create_user=False)
salttypes = ('normal', 'v4', 'norealm', 'onlyrealm')
# For a variety of salt types, test that we can rename a principal and
from k5test import *
# Create a realm with the KDC one hour in the past.
-realm = K5Realm(start_kadmind=False, start_kdc=False)
+realm = K5Realm(start_kdc=False)
realm.start_kdc(['-T', '-3600'])
# kinit (no preauth) should work, and should set a clock skew allowing
# Repeat the above tests with kdc_timesync disabled.
conf = {'all': {'libdefaults': {'kdc_timesync': '0'}}}
-realm = K5Realm(start_kadmind=False, start_kdc=False, krb5_conf=conf)
+realm = K5Realm(start_kdc=False, krb5_conf=conf)
realm.start_kdc(['-T', '-3600'])
# kinit (no preauth) should work, but kvno should not. kinit with
global realm
return realm.run_as_master([kadmin, '-c', realm.ccache, '-q', query])
-realm = K5Realm(create_host=False, get_creds=False)
+realm = K5Realm(start_kadmind=True, create_host=False, get_creds=False)
realm.kinit(realm.admin_princ, password('admin'), flags=['-S', 'kadmin/admin'])
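Review bot: The explicit `start_kadmind=True` on the new `K5Realm(...)` line has no comment saying why this script is the one that opts in. The helper just above runs `kadmin -c realm.ccache -q ...` and the following `kinit` requests a `kadmin/admin` service ticket, so the script appears to depend on a live kadmind. A one-line comment such as `# Uses the network kadmin client, so kadmind must be running.` would keep the argument from being dropped in a later cleanup. The helper function starts outside this hunk.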
self-contained test operation
* Two different kdc.conf files for the master and slave KDCs
* A fresh DB2 KDB
-* Running krb5kdc and kadmind processes
+* Running krb5kdc (but not kadmind)
* Principals named realm.user_princ and realm.admin_princ; call
password('user') and password('admin') to get the password
* Credentials for realm.user_princ in realm.ccache
* start_kdc=False: Don't start the KDC. Implies get_creds=False.
-* start_kadmind=False: Don't start kadmind.
+* start_kadmind=True: Start kadmind.
* get_creds=False: Don't get user credentials.
def __init__(self, realm='KRBTEST.COM', portbase=61000, testdir='testdir',
krb5_conf=None, kdc_conf=None, create_kdb=True,
krbtgt_keysalt=None, create_user=True, get_creds=True,
- create_host=True, start_kdc=True, start_kadmind=True):
+ create_host=True, start_kdc=True, start_kadmind=False):
global hostname, _default_krb5_conf, _default_kdc_conf
self.realm = realm
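Review bot: Flipping the `start_kadmind` default to `False` in the `__init__` signature silently changes behaviour for any caller this commit does not touch. A script that reaches kadmind over the network without passing the flag would now fail when it connects, not during realm setup. Only the `kadmin -c` test and the interactive path are converted in the visible hunks, so it is worth checking the tree for other users of the network `kadmin` client. Not running the admin daemon by default is the better posture, since these realms use predictable `password('admin')` credentials. The option list could say when the flag is needed, e.g. `* start_kadmind=True: Start kadmind (only needed by tests that use the network kadmin client).` The body of `__init__` continues outside this hunk.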
env['PATH'] = path_prefix + env['PATH']
if args:
- realms = cross_realms(int(args[0]))
+ realms = cross_realms(int(args[0]), start_kadmind=True)
realm = realms[0]
else:
- realm = K5Realm()
+ realm = K5Realm(start_kadmind=True)
env = realm.env_master.copy()
supplement_path(env)