[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

tests/can

Having patches for heimdal-1.2.1rc1 to compile even with pk-init and/or
threads support disabled, I tried to apply them to 1.2 as well. It
compiled well, but when compiled without pk-init support, it failed testing:

> Load database for mit-pkinit-20070607
> Doing database check
> kdc replay
> processing request from IPv4:141.211.133.26, 192 bytes
> processing request from IPv4:141.211.133.26, 2100 bytes
> 2008-06-09T14:53:38 label: default
> 2008-06-09T14:53:38     dbname: ../../tests/can/current-db
> 2008-06-09T14:53:38     mkey_file: ../../tests/can/mkey.file
> 2008-06-09T14:53:38     acl_file: /var/heimdal/kadmind.acl
> 2008-06-09T14:53:38 AS-REQ aglo@HEIMDAL.CITI.UMICH.EDU from IPv4:141.211.133.26 for krbtgt/HEIMDAL.CITI.UMICH.EDU@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T14:53:38 No preauth found, returning PREAUTH-REQUIRED -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T14:53:38 AS-REQ aglo@HEIMDAL.CITI.UMICH.EDU from IPv4:141.211.133.26 for krbtgt/HEIMDAL.CITI.UMICH.EDU@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T14:53:38 Client sent patypes: PK-INIT(win2k), 132
> 2008-06-09T14:53:38 Looking for ENC-TS pa-data -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T14:53:38 No preauth found, returning PREAUTH-REQUIRED -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T14:53:38 tag mismatch
> FAIL: check-can

Looks to me as if the test requires pk-init support even though that has
been disabled. Unfortunately I don't actually understand what the code
does and what this particular test is testing so reporting the failure
here is as far as I can go.

Interestingly even tests of 1.2.1rc1 compiled with pk-init (and
threads), that went OK not long ago, failed now at the same point, only
with different complaints:

> Load database for mit-pkinit-20070607
> Doing database check
> kdc replay
> processing request from IPv4:141.211.133.26, 192 bytes
> processing request from IPv4:141.211.133.26, 2100 bytes
> 2008-06-09T15:34:37 label: default
> 2008-06-09T15:34:37     dbname: ../../tests/can/current-db
> 2008-06-09T15:34:37     mkey_file: ../../tests/can/mkey.file
> 2008-06-09T15:34:37     acl_file: /var/heimdal/kadmind.acl
> 2008-06-09T15:34:37 AS-REQ aglo@HEIMDAL.CITI.UMICH.EDU from IPv4:141.211.133.26 for krbtgt/HEIMDAL.CITI.UMICH.EDU@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T15:34:37 No preauth found, returning PREAUTH-REQUIRED -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T15:34:37 AS-REQ aglo@HEIMDAL.CITI.UMICH.EDU from IPv4:141.211.133.26 for krbtgt/HEIMDAL.CITI.UMICH.EDU@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T15:34:37 Client sent patypes: PK-INIT(win2k), 132
> 2008-06-09T15:34:37 Looking for PKINIT pa-data -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T15:34:37 PKINIT: failed to verify signature: Failed to find certificate issued by CN=CITI Production KCA,O=University of Michigan,L=Ann Arbor,S=Michigan,C=US with serial number 010BAA: 569894
> 2008-06-09T15:34:37 PKINIT: Couldn't find recipient certificate
> 2008-06-09T15:34:37 Failed to decode PKINIT PA-DATA -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T15:34:37 Looking for ENC-TS pa-data -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T15:34:37 No preauth found, returning PREAUTH-REQUIRED -- aglo@HEIMDAL.CITI.UMICH.EDU
> 2008-06-09T15:34:37 tag mismatch
> FAIL: check-can

Since in tests/can there are files like:

mit-pkinit-20070607.ca.crt
mit-pkinit-20070607.cf
mit-pkinit-20070607.kadm
mit-pkinit-20070607.req
mit-pkinit-20070607.xf

I suspect the cause to be a year passing and some (pre)authentication
data having been changed, but again I don't actually know what I am
playing with and speaking about.

Is there just some fault on my part, or a real problem?

With best regards
				Honza Macháček