3 realm = K5Realm(create_host=False, get_creds=False, start_kadmind=True)
6 # Mark a principal as expired and change its password through kinit.
7 mark('password change via kinit')
8 realm.run([kadminl, 'modprinc', '-pwexpire', '1 day ago', 'user'])
9 pwinput = password('user') + '\nabcd\nabcd\n'
10 realm.run([kinit, realm.user_princ], input=pwinput)
12 # Regression test for #7868 (preauth options ignored when
13 # krb5_get_init_creds_password() initiates a password change). This
14 # time use the REQUIRES_PWCHANGE bit instead of the password
16 mark('password change via kinit with FAST')
17 realm.run([kadminl, 'modprinc', '+needchange', 'user'])
18 pwinput = 'abcd\nefgh\nefgh\n'
19 out, trace = realm.run([kinit, '-T', realm.ccache, realm.user_princ],
20 input=pwinput, return_trace=True)
21 # Check that FAST was used when getting the kadmin/changepw ticket.
22 getting_changepw = fast_used_for_changepw = False
23 for line in trace.splitlines():
24 if 'Getting initial credentials for user@' in line:
25 getting_changepw_ticket = False
26 if 'Setting initial creds service to kadmin/changepw' in line:
27 getting_changepw_ticket = True
28 if getting_changepw_ticket and 'Using FAST' in line:
29 fast_used_for_changepw = True
30 if not fast_used_for_changepw:
31 fail('FAST was not used to get kadmin/changepw ticket')
33 # Test that passwords specified via kadmin and kpasswd are usable with
35 mark('password change usability by kinit')
36 realm.run([kadminl, 'addprinc', '-pw', 'pw1', 'testprinc'])
37 # Run kpasswd with an active cache to exercise automatic FAST use.
38 realm.kinit('testprinc', 'pw1')
39 realm.run([kpasswd, 'testprinc'], input='pw1\npw2\npw2\n')
40 realm.kinit('testprinc', 'pw2')
42 realm.run([kpasswd, 'testprinc'], input='pw2\npw3\npw3\n')
43 realm.kinit('testprinc', 'pw3')
45 realm.run_kadmin(['cpw', '-pw', 'pw4', 'testprinc'])
46 realm.kinit('testprinc', 'pw4')
48 realm.run([kadminl, 'delprinc', 'testprinc'])
50 success('Password change tests')
projects / platform / upstream / krb5.git / blob