[PATCH] Add KDC test to check cipher selection

Andrew Bartlett abartlet at samba.org
Fri Jul 8 12:10:19 UTC 2016

On Wed, 2016-07-06 at 14:47 +0200, Andreas Schneider wrote:
> On Wednesday, 6 July 2016 22:54:03 CEST Andrew Bartlett wrote:
> > I really appreciate your patience for this quite horrid test
> > infrastructure.  I'm proud of what it tests, but the means to the
> > end
> > is also quite a contortion.
> The tests are fine but you did a lot of copy&paste instead of moving
> code into 
> functions :)

This isn't quite as unintentional as you might have expected, because
when put in functions, we don't get the line numbers in the assertions.

This mattered more during development, so I don't mind the cleanup

> I've implemented the KDC test functions already with MIT:
> https://git.samba.org/?p=asn/samba.git;a=shortlog;h=refs/heads/master
> -mit-kdc
> It revealed an old behavior from MIT in the BREAKPW test:
>  https://github.com/krb5/krb5/pull/480
> the clock skew test only works if kdc_timesync is disabled on the
> client side 
> with MIT Kerberos. A feature implemented by Stef Walter.
> I find the send and receive hook in Heimdal horrible. We put a bit
> more 
> thought into the API in MIT Kerberos and it is much nicer to use and
> more 
> flexible in what kind of tests you can write.

I'm quite sure a hook designed with this purpose in mind would beat
overloading a call made for an entirely different one any day.  The
Heimdal hook was added to permit what we now know as the horror of
nested event loops in the single process AD DC.
Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list