IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-26 16:16:31 -06:00
Code Issues Packages Projects Releases Wiki Activity

test_krbtpolicy: skip SPAKE-related tests in FIPS mode

Browse Source 
SPAKE is based on the crypto primitives which are not FIPS compliant
yet. This means that in FIPS mode use of 'hardened' authentication
indicator is not possible. Skip corresponding tests in FIPS mode.

Related: https://pagure.io/freeipa/issue/9119

Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
This commit is contained in:
Alexander Bokovoy 2022-03-15 11:39:46 +02:00
parent 621af275c3
commit 517ae594e1
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ipatests/test_integration/test_krbtpolicy.py
View File

@ -105,6 +105,9 @@ class TestPWPolicy(IntegrationTest):
def test_krbtpolicy_password_and_hardended(self):
"""Test a pwd and hardened kerberos ticket policy with 10min tickets"""
if self.master.is_fips_mode:
pytest.skip("SPAKE pre-auth is not compatible with FIPS mode")
master = self.master
master.run_command(['ipa', 'user-mod', USER1,
'--user-auth-type', 'password',
@ -133,6 +136,9 @@ class TestPWPolicy(IntegrationTest):
def test_krbtpolicy_hardended(self):
"""Test a hardened kerberos ticket policy with 30min tickets"""
if self.master.is_fips_mode:
pytest.skip("SPAKE pre-auth is not compatible with FIPS mode")
master = self.master
master.run_command(['ipa', 'user-mod', USER1,
'--user-auth-type', 'hardened'])