mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
Test AES SHA 256 and 384 Kerberos enctypes enabled
AES SHA 256 and 384-bit enctypes supported by MIT kerberos but was not enabled in IPA. This test is to check if these types are enabled. related: https://pagure.io/freeipa/issue/8110 Signed-off-by: Mohammad Rizwan Yusuf <myusuf@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Francois Cami <fcami@redhat.com>
This commit is contained in:
parent
939ee59c27
commit
b0d57d99e5
@ -33,6 +33,7 @@ from ipatests.pytest_ipa.integration import tasks
|
||||
from ipaplatform.tasks import tasks as platform_tasks
|
||||
from ipatests.create_external_ca import ExternalCA
|
||||
from ipatests.test_ipalib.test_x509 import good_pkcs7, badcert
|
||||
from ipapython.ipautil import realm_to_suffix
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@ -130,6 +131,26 @@ class TestIPACommand(IntegrationTest):
|
||||
cader = ssl.PEM_cert_to_DER_cert(cacrt)
|
||||
return base64.b64encode(cader).decode('ascii')
|
||||
|
||||
def test_aes_sha_kerberos_enctypes(self):
|
||||
"""Test AES SHA 256 and 384 Kerberos enctypes enabled
|
||||
|
||||
AES SHA 256 and 384-bit enctypes supported by MIT kerberos but
|
||||
was not enabled in IPA. This test is to check if these types are
|
||||
enabled.
|
||||
|
||||
related: https://pagure.io/freeipa/issue/8110
|
||||
"""
|
||||
tasks.kinit_admin(self.master)
|
||||
dn = DN(("cn", self.master.domain.realm), ("cn", "kerberos"),
|
||||
realm_to_suffix(self.master.domain.realm))
|
||||
result = tasks.ldapsearch_dm(self.master, str(dn),
|
||||
["krbSupportedEncSaltTypes"],
|
||||
scope="base")
|
||||
assert "aes128-sha2:normal" in result.stdout_text
|
||||
assert "aes128-sha2:special" in result.stdout_text
|
||||
assert "aes256-sha2:normal" in result.stdout_text
|
||||
assert "aes256-sha2:special" in result.stdout_text
|
||||
|
||||
def test_certmap_match_issue7520(self):
|
||||
# https://pagure.io/freeipa/issue/7520
|
||||
tasks.kinit_admin(self.master)
|
||||
|
Loading…
Reference in New Issue
Block a user