samba.git/testprogs, branch v3-5-test Unnamed repository; edit this file 'description' to name the repository. Revert "blackbox:test_kinit - Remove the "-H" (hive) parameter" 2009-09-21T09:33:13+00:00 Matthias Dieter Wallnöfer mwallnoefer@yahoo.de 2009-09-21T09:33:13+00:00 0af3b06824825ee42ba0fe7414d774ace72292d0 This reverts commit d4389a230b6aea5a0b2a98e255b14a59c8248b0b. This revert changed the behaviour which I didn't expect. Thanks abartlet to point this out! 
This reverts commit d4389a230b6aea5a0b2a98e255b14a59c8248b0b.

This revert changed the behaviour which I didn't expect. Thanks abartlet to
point this out!
blackbox:test_kinit - Remove the "-H" (hive) parameter 2009-09-20T21:07:22+00:00 Matthias Dieter Wallnöfer mwallnoefer@yahoo.de 2009-09-20T21:07:22+00:00 d4389a230b6aea5a0b2a98e255b14a59c8248b0b The "enableaccount" script works only on local LDB anymore - therefore remove this parameter. 
The "enableaccount" script works only on local LDB anymore - therefore remove
this parameter.
blackbox/test_ldb.sh: test searching using OIDs instead of names for attributes and classes 2009-09-20T04:44:19+00:00 Stefan Metzmacher metze@samba.org 2009-09-20T04:05:59+00:00 c5d38fd45abb037ff03dfb196c7fd0e2f59b1f28 metze 
metze
s4:pwsettings: Added blackbox tests. 2009-09-09T23:09:56+00:00 Andrew Kroeger andrew@id10ts.net 2009-09-08T11:01:18+00:00 e3a2a22451b3f2b7294da0e6d1f1f6e6d4a33368 The added tests include basic validation that the script runs and accepts all custom arguments. The tests also verify changes to the password complexity, minimum password length, and minimum password length settings. 
The added tests include basic validation that the script runs and accepts all
custom arguments.  The tests also verify changes to the password complexity,
minimum password length, and minimum password length settings.
testprogs:subunit.sh: Add function for expected failures. 2009-09-09T23:09:56+00:00 Andrew Kroeger andrew@id10ts.net 2009-09-08T21:01:26+00:00 67a8a8c9e652d0f1aa5a1c593177bd75bc4af284 The testit_expect_failure() function is like the testit() function, with reversed error detection logic. This reversal only affects the pass/fail logic and logging - the original return code from the command is still returned to the calling script. 
The testit_expect_failure() function is like the testit() function, with
reversed error detection logic.  This reversal only affects the pass/fail logic
and logging - the original return code from the command is still returned to the
calling script.
s4:kerberos Add support for user principal names in certificates 2009-07-28T04:10:47+00:00 Andrew Bartlett abartlet@samba.org 2009-07-28T04:05:19+00:00 8ff1f50b0c47f7ff92d557ef4caf64a44b387ab4 This extends the PKINIT code in Heimdal to ask the HDB layer if the User Principal Name name in the certificate is an alias (perhaps just by case change) of the name given in the AS-REQ. (This was a TODO in the Heimdal KDC) The testsuite is extended to test this behaviour, and the other PKINIT certficate (using the standard method to specify a principal name in a certificate) is updated to use a Administrator (not administrator). (This fixes the kinit test). Andrew Bartlett 
This extends the PKINIT code in Heimdal to ask the HDB layer if the
User Principal Name name in the certificate is an alias (perhaps just
by case change) of the name given in the AS-REQ.  (This was a TODO in
the Heimdal KDC)

The testsuite is extended to test this behaviour, and the other PKINIT
certficate (using the standard method to specify a principal name in a
certificate) is updated to use a Administrator (not administrator).
(This fixes the kinit test).

Andrew Bartlett
s4:kerberos Add test to show that we actually export the keytab 2009-07-27T12:41:43+00:00 Andrew Bartlett abartlet@samba.org 2009-07-27T12:39:10+00:00 cdd7a5208fbcb65e4a75ee08f8f015530f418c15 While it is hard to prove it is correct, at least the new 'nettestuser' principal and the Administrator principal are correct. We had to fix the case of 'Administrator' in the selftest code to match the DB, as the keytab lookup is case sensitive. Andrew Bartlett 
While it is hard to prove it is correct, at least the new
'nettestuser' principal and the Administrator principal are correct.

We had to fix the case of 'Administrator' in the selftest code to
match the DB, as the keytab lookup is case sensitive.

Andrew Bartlett
s4:heimdal Allow KRB5_NT_ENTERPRISE names in all DB lookups 2009-06-30T02:11:14+00:00 Andrew Bartlett abartlet@samba.org 2009-06-30T02:11:14+00:00 89a074b784295204aa8d7dd585bf3533ac7971a7 The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail list user principal name) in an AS-REQ. Evidence from the wild (Win2k8 reportadely) indicates that this is instead valid for all types of requests. While this is now handled in heimdal/kdc/misc.c, a flag is now defined in Heimdal's hdb so that we can take over this handling in future (once we start using a system Heimdal, and if we find out there is more to be done here). Andrew Bartlett 
The previous code only allowed an KRB5_NT_ENTERPRISE name (an e-mail
list user principal name) in an AS-REQ.  Evidence from the wild
(Win2k8 reportadely) indicates that this is instead valid for all
types of requests.

While this is now handled in heimdal/kdc/misc.c, a flag is now defined
in Heimdal's hdb so that we can take over this handling in future (once we start
using a system Heimdal, and if we find out there is more to be done
here).

Andrew Bartlett
s4: Add tests and 'must change password' flags in setpassword and newuser 2009-06-18T03:49:30+00:00 Andrew Bartlett abartlet@samba.org 2009-06-18T02:38:04+00:00 1e6fb7d7306ee64ac649afe235e452ac116de394 In particular, ensure that we can acutally change the password under these circumstances. Andrew Bartlett 
In particular, ensure that we can acutally change the password under
these circumstances.

Andrew Bartlett
s4:testprogs Don't specify a username/password when checking the ccache 2009-06-18T03:49:30+00:00 Andrew Bartlett abartlet@samba.org 2009-06-18T02:36:00+00:00 033e25fdcea93763e1e8fe295fb6d2c3d261bcc4 The purpose of this test is to ensure that the Kerberos credentials cache is valid. If the username and password is specified, this overrides the very thing we are trying to test. Andrew Bartlett 
The purpose of this test is to ensure that the Kerberos credentials
cache is valid.  If the username and password is specified, this
overrides the very thing we are trying to test.

Andrew Bartlett