[PATCH] Add KDC test to check cipher selection
Andrew Bartlett
abartlet at samba.org
Wed Jul 6 10:54:03 UTC 2016
On Wed, 2016-07-06 at 12:13 +0200, Andreas Schneider wrote:
> On Tuesday, 5 July 2016 17:10:54 CEST Andrew Bartlett wrote:
> > On Mon, 2016-07-04 at 15:53 +0200, Andreas Schneider wrote:
> > > Hello,
> > >
> > > Günther made a patch 2 years ago for Samba AD DC with MIT
> > > Kerberos.
> > > Metze
> > > asked for a test to see if it is only needed for MIT. So first I
> > > wrote the MIT
> > > testcase:
> > >
> > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/ma
> > > ster
> > > -mit-kdc
> > >
> > > and wrote one for Heimdal now:
> > >
> > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/ma
> > > ster
> > > -kdc
> > >
> > > The patch is only needed for MIT Kerberos but I need to find out
> > > why
> > > MIT
> > > doesn't select the strongest key but let the KDB module decide
> > > which
> > > to use
> > > ...
> > >
> > > The new test is also attached.
> > >
> > >
> > > Review and push appreciated!
> >
> > Please add your signed-off-by, otherwise:
> >
> > Reviewed-by: Andrew Bartlett <abartlet at samba.org>
>
> Thanks you very much, but as the changes are bigger and I added
> helper macros
> and needed to disable the AES test for fl2000dc I'm resubmitting
> them.
>
> Please have a look again.
Thanks. This still looks great. I'm wondering if we should check the
PA-DATA more often, but for now that is fine and it is easy to enable
more globally later, so thanks!
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
I've pushed it to autobuild, but if that fails for some reason feel
free to re-push yourself.
I really appreciate your patience for this quite horrid test
infrastructure. I'm proud of what it tests, but the means to the end
is also quite a contortion.
Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list