Kerberos raw protocol testing

Stefan Metzmacher metze at
Sun May 2 23:16:30 UTC 2021

On 27.04.21 at 12:31, Andrew Bartlett wrote:
> On Tue, 2021-04-27 at 08:31 +0200, Stefan Metzmacher wrote:
>> Hi Andrew,
> (bringing this bit back to samba-technical)
>> Please be aware of the WIP merge request:
>> python/samba/tests/krb5/ is the relevant part
>> as well as the get_*_creds() helpers in
>> python/samba/tests/krb5/,
>> there _generic_kdc_exchange() and the _test_as_exchange() helpers
>> make it easy to also check the encrypted parts of the exchange.
>> _test_as_req_enc_timestamp() demonstrates a simple password based
>> authentication and checks almost every field in the response (also
>> in the encrypted parts and cross checks encrypted and plain fields)
>> checking the PAC including the signatures shouldn't be that complex.
>> Also extending it to do FAST and regenerate the same packets as
>> seen in the windows to windows captures.
> Thanks so much for the pointers and the code.  
> Thanks for keeping this tree recently rebased, but how do we go from
> here?  
> Should we just learn from the concepts and implement the narrow case at
> hand (FAST testing) and you will integrate it later, or is there a
> better way?  How can I/we use your code?
> I'm sorry to say that despite having worked with you for something like
> two decades, I still don't know how to practically and respectfully
> work with your WIP branches.
> To date I've generally focussed on picking out and merging the few
> patches with a full signed-off-by on them and (say with the Heimdal
> trees) trying to keep some of the rebasing current, but otherwise I'm
> very lost.
> There is clearly a lot of effort and value in between all the 'sq',
> 'fixup' and reverts, but I don't know how to sift that gold out
> properly and refine it into an 'upstream' state.
> So, rather than wonder another decade, can I get the quick 'working
> with a metze WIP branch' HOWTO?  (I need this for the Heimdal upgrade
> branch as well).

Just look at the complete diff of that branch, and work on top of that. If you're ok with it I can just
squash almost everything and propose it as one large patch in order to
make progress and get it to master. Or do you think it would be useful
to have some of the preparation as individual commits?

