diff options
| author | Isaac Boukris <iboukris@gmail.com> | 2020-01-15 11:14:00 +0100 |
|---|---|---|
| committer | Greg Hudson <ghudson@mit.edu> | 2020-01-24 22:24:10 -0500 |
| commit | 17570dd94056df70c19108c14d46cd6132509e6a (patch) | |
| tree | b6f7dced5c77b61be3e85ecf7327f685b98abb5e /src/tests/gssapi/t_s4u.py | |
| parent | 67bb22ac43198b173f16444468831b0e911e69cd (diff) | |
| download | krb5-17570dd94056df70c19108c14d46cd6132509e6a.zip krb5-17570dd94056df70c19108c14d46cd6132509e6a.tar.gz krb5-17570dd94056df70c19108c14d46cd6132509e6a.tar.bz2 | |
Allow cross-realm RBCD with PAC and other authdata
For cross-realm S4U2Proxy requests, require a PAC to be present to
bypass signedpath verification, but do not require it to be the only
authdata element. For within-realm requests, add and verify
signedpath authdata regardless of the presence of a PAC.
Simplify the test KDB authdata module and the existing RBCD tests as
we no longer need a way to suppress the test module's KDB authdata.
[ghudson@mit.edu: rewrote commit message; reordered a condition for
efficiency]
(cherry picked from commit 94f7c9705879500b1dc8dda8592490efce05688f)
ticket: 8868
version_fixed: 1.18
Diffstat (limited to 'src/tests/gssapi/t_s4u.py')
| -rwxr-xr-x | src/tests/gssapi/t_s4u.py | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/src/tests/gssapi/t_s4u.py b/src/tests/gssapi/t_s4u.py index 1a395c3..711612d 100755 --- a/src/tests/gssapi/t_s4u.py +++ b/src/tests/gssapi/t_s4u.py @@ -289,7 +289,6 @@ a_princs = {'krbtgt/A': {'keys': 'aes128-cts'}, 'rb': {'keys': 'aes128-cts'}} a_kconf = {'realms': {'$realm': {'database_module': 'test'}}, 'dbmodules': {'test': {'db_library': 'test', - 'ad_type': 'mspac', 'princs': a_princs, 'rbcd': {'rb@A': 'impersonator@A'}, 'alias': {'rb@A': 'rb', @@ -306,7 +305,6 @@ b_princs = {'krbtgt/B': {'keys': 'aes128-cts'}, 'rb': {'keys': 'aes128-cts'}} b_kconf = {'realms': {'$realm': {'database_module': 'test'}}, 'dbmodules': {'test': {'db_library': 'test', - 'ad_type': 'mspac', 'princs': b_princs, 'rbcd': {'rb@B': 'impersonator@A'}, 'alias': {'rb@B': 'rb', @@ -321,7 +319,6 @@ c_princs = {'krbtgt/C': {'keys': 'aes128-cts'}, c_kconf = {'realms': {'$realm': {'database_module': 'test'}}, 'capaths': { 'A' : { 'C' : 'B' }}, 'dbmodules': {'test': {'db_library': 'test', - 'ad_type': 'mspac', 'princs': c_princs, 'rbcd': {'rb@C': 'impersonator@A'}, 'alias': {'rb@C': 'rb', |