IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
The added tests include basic validation that the script runs and accepts all
custom arguments. The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.
The testit_expect_failure() function is like the testit() function, with
reversed error detection logic. This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ. (This was a TODO in
the Heimdal KDC)
The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).
Andrew Bartlett
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.
We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.
Andrew Bartlett
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ. Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.
While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).
Andrew Bartlett
The purpose of this test is to ensure that the Kerberos credentials
cache is valid. If the username and password is specified, this
overrides the very thing we are trying to test.
Andrew Bartlett
Added a blackbox test which looks for $WINTEST_CONF_DIR,
gets configuration vars from *.conf in that dir, disables
smbwrapper, and runs RAW-OPEN torture test.
Scripts are coming to startup/shutdown vm's.
(This used to be commit 74a0a9bb54)
Previously, the output from $cmdline was never captured. In case of a
failure, there was no output being passed to the subunit_fail_test() function,
but that function contains a call to "cat -". This caused the script to hang
indefinitely waiting for input.
We now capture $cmdline output (including mapping stderr to stdout) using
backticks, and then pipe that output to the subunit_fail_test() if there is
a failure.
(This used to be commit c0234d1319)
The problems here were that we did not bind to the LSA pipe, and we
did not consider it possible to have 0 trusted domains.
Andrew Bartlett
(This used to be commit 86694d429d)
This fixes up the python credentials interface in a number of areas,
with the aim of supporting '-k yes' as a command line option. (This
enables the use of kerberos).
As such, I've had to change the get_credentials call to take a
loadparm context, so that the credentials can be initialised
correctly.
The test_kinit script has been modified to prove that this continues
to work, as well as to provide greater code coverage of the kerberos
paths.
Andrew Bartlett
(This used to be commit 727ef40c2b)