[PATCH] Add KDC test to check cipher selection

Andrew Bartlett abartlet at samba.org
Wed Jul 6 10:54:03 UTC 2016


On Wed, 2016-07-06 at 12:13 +0200, Andreas Schneider wrote:
> On Tuesday, 5 July 2016 17:10:54 CEST Andrew Bartlett wrote:
> > On Mon, 2016-07-04 at 15:53 +0200, Andreas Schneider wrote:
> > > Hello,
> > > 
> > > G√ľnther made a patch 2 years ago for Samba AD DC with MIT
> > > Kerberos.
> > > Metze 
> > > asked for a test to see if it is only needed for MIT. So first I
> > > wrote the MIT 
> > > testcase:
> > > 
> > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/ma
> > > ster
> > > -mit-kdc
> > > 
> > > and wrote one for Heimdal now:
> > > 
> > > https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/ma
> > > ster
> > > -kdc
> > > 
> > > The patch is only needed for MIT Kerberos but I need to find out
> > > why
> > > MIT 
> > > doesn't select the strongest key but let the KDB module decide
> > > which
> > > to use 
> > > ...
> > > 
> > > The new test is also attached.
> > > 
> > > 
> > > Review and push appreciated!
> > 
> > Please add your signed-off-by, otherwise:
> > 
> > Reviewed-by: Andrew Bartlett <abartlet at samba.org>
> 
> Thanks you very much, but as the changes are bigger and I added
> helper macros 
> and needed to disable the AES test for fl2000dc I'm resubmitting
> them.
> 
> Please have a look again.

Thanks.  This still looks great.  I'm wondering if we should check the
PA-DATA more often, but for now that is fine and it is easy to enable
more globally later, so thanks!

Reviewed-by: Andrew Bartlett <abartlet at samba.org>

I've pushed it to autobuild, but if that fails for some reason feel
free to re-push yourself. 

I really appreciate your patience for this quite horrid test
infrastructure.  I'm proud of what it tests, but the means to the end
is also quite a contortion. 

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba






More information about the samba-technical mailing list