ipatests: add case for hardened-only ticket policy

Signed-off-by: Julien Rische <jrische@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
2025-02-25 18:55:28 -06:00 · 2022-02-01 19:38:29 +01:00 · 2022-02-01 19:38:29 +01:00 · 97d123cccc
commit 97d123cccc
parent 35e94bee0e
1 changed files with 28 additions and 2 deletions
--- a/ipatests/test_integration/test_krbtpolicy.py
+++ b/ipatests/test_integration/test_krbtpolicy.py
@ -103,8 +103,8 @@ class TestPWPolicy(IntegrationTest):
        result = master.run_command('klist | grep krbtgt')
        assert maxlife_within_policy(result.stdout_text, MAXLIFE) is True

-    def test_krbtpolicy_hardended(self):
-        """Test a hardened kerberos ticket policy with 10 min tickets"""
+    def test_krbtpolicy_password_and_hardended(self):
+        """Test a pwd and hardened kerberos ticket policy with 10min tickets"""
        master = self.master
        master.run_command(['ipa', 'user-mod', USER1,
                            '--user-auth-type', 'password',
@ -131,6 +131,32 @@ class TestPWPolicy(IntegrationTest):
        result = master.run_command('klist | grep krbtgt')
        assert maxlife_within_policy(result.stdout_text, MAXLIFE) is True

+    def test_krbtpolicy_hardended(self):
+        """Test a hardened kerberos ticket policy with 30min tickets"""
+        master = self.master
+        master.run_command(['ipa', 'user-mod', USER1,
+                            '--user-auth-type', 'hardened'])
+        master.run_command(['ipa', 'config-mod',
+                            '--user-auth-type', 'hardened'])
+        master.run_command(['ipa', 'krbtpolicy-mod', USER1,
+                            '--hardened-maxlife', '1800'])
+
+        tasks.kdestroy_all(master)
+
+        master.run_command(['kinit', USER1],
+                           stdin_text=PASSWORD + '\n')
+        result = master.run_command('klist | grep krbtgt')
+        assert maxlife_within_policy(result.stdout_text, 1800,
+                                     slush=1800) is True
+
+        tasks.kdestroy_all(master)
+
+        # Verify that the short policy only applies to USER1
+        master.run_command(['kinit', USER2],
+                           stdin_text=PASSWORD + '\n')
+        result = master.run_command('klist | grep krbtgt')
+        assert maxlife_within_policy(result.stdout_text, MAXLIFE) is True
+
    def test_krbtpolicy_password(self):
        """Test the kerberos ticket policy which issues 20 min tickets"""
        master = self.master