Kerberos raw prototol testing

Andrew Bartlett abartlet at
Tue Apr 27 10:31:11 UTC 2021

On Tue, 2021-04-27 at 08:31 +0200, Stefan Metzmacher wrote:
> Hi Andrew,

(brining this bit back to samba-technical)

> Please be aware of the WIP merge request:
> python/samba/tests/krb5/ is the relevant part
> as well as the get_*_creds() helpers in
> python/samba/tests/krb5/,
> there _generic_kdc_exchange() and the _test_as_exchange() helpers
> make it easy to also check the encrypted parts of the exchange.
> _test_as_req_enc_timestamp() demonstrates a simple password based
> authentication and checks almost every field in the response (also
> in the encrypted parts and cross checks encrypted and plain fields)
> checking the PAC including the signatures shouldn't be that complex.
> Also extending it to do FAST and regenerate the same packets as
> seen in the windows to windows captures.

Thanks so much for the pointers and the code.  

Thanks for keeping this tree recently rebased, but how do we go from

Should we just learn from the concepts and implement the narrow case at
hand (FAST testing) and you will integrate it later, or is there a
better way?  How can I/we use your code?

I'm sorry to say that despite having worked with you for something like
two decades, I still don't know how to practically and respectfully
work with your WIP branches.

To date I've generally focussed on picking out and merging the few
patches with a full signed-off-by on them and (say with the Heimdal
trees) trying to keep some of the rebasing current, but otherwise I'm
very lost.

There is clearly a lot of effort and value in between all the 'sq',
'fixup' and reverts, but I don't know how to sift that gold out
properly and refine it into an 'upstream' state.

So, rather than wonder another decade, can I get the quick 'working
with a metze WIP branch' HOWTO?  (I need this for the Heimdal upgrade
branch as well).


Andrew Bartlett

Andrew Bartlett (he/him)
Samba Team Member (since 2001)
Samba Team Lead, Catalyst IT

Samba Development and Support, Catalyst IT - Expert Open Source

More information about the samba-technical mailing list