auth: keytab invalidation test
author Aaron Haslett <aaronhaslett@catalyst.net.nz>
Mon, 30 Apr 2018 23:10:24 +0000 (11:10 +1200)
committer Andreas Schneider <asn@cryptomilk.org>
Tue, 15 May 2018 10:41:55 +0000 (12:41 +0200)
commit a3d6fdd5355d366f3d23915cecc10c6f039daa44
tree 71f7d788e1df5506c1cc92219197e1a7c38e5f4d
parent 506c520503eacff33064c1c23a068399f7296d86
auth: keytab invalidation test

chgtdcpass should add a new DC password and delete the old ones, but the bug
exposed by this test causes the tool to remove only a single record from
the old entries, leaving the old passwords functional.  Since the tool is
used by administrators who may have disclosed their domain join password and
want to invalidate it, this is a security concern.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13415

Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
selftest/knownfail.d/keytab [new file with mode: 0644]
selftest/tests.py
source4/auth/tests/kerberos.c [new file with mode: 0644]
source4/auth/wscript_build
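
An added example, not part of this commit or of Samba's test: an audit that parses a keytab after a password change and lists records still carrying an older key version number, which is the leftover state the commit message describes. It assumes the MIT keytab file format version 0x0502 and that old records are identified by a lower kvno; the function names, the principal DC1$@EXAMPLE.TEST and the sample bytes are constructed for illustration.

```python
import struct

def _cstr(buf, p):
    """Read a counted string: 16-bit big-endian length, then the bytes."""
    (n,) = struct.unpack_from(">H", buf, p)
    return buf[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return (principal, kvno, enctype) for each live entry of a 0x0502 keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                     # zero or negative size: empty or deleted slot
            pos -= size
            continue
        e, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", e, 0)
        realm, p = _cstr(e, 2)
        comps = []
        for _ in range(ncomp):
            comp, p = _cstr(e, p)
            comps.append(comp.decode())
        # name type, timestamp, 8-bit kvno, key enctype (11 bytes in total)
        _ntype, _ts, kvno, enctype = struct.unpack_from(">IIBH", e, p)
        _key, p = _cstr(e, p + 11)
        if len(e) - p >= 4:               # optional 32-bit kvno overrides the 8-bit one
            kvno = struct.unpack_from(">I", e, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, enctype))
    return entries

def stale_entries(entries):
    """Assumption: an entry is stale if a higher kvno exists for the same principal."""
    newest = {}
    for princ, kvno, _ in entries:
        newest[princ] = max(kvno, newest.get(princ, 0))
    return [e for e in entries if e[1] < newest[e[0]]]

def _entry(kvno, enctype, key):
    """Constructed sample data: one entry for DC1$@EXAMPLE.TEST."""
    body = struct.pack(">HH", 1, 12) + b"EXAMPLE.TEST" + struct.pack(">H", 4) + b"DC1$"
    body += struct.pack(">IIBHH", 1, 0, kvno, enctype, len(key)) + key + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed keytab: one old record became a hole, a second kvno 2 record survived.
SAMPLE = (b"\x05\x02" + struct.pack(">i", -8) + bytes(8) + _entry(2, 23, bytes(16))
          + _entry(3, 18, bytes(32)) + _entry(3, 23, bytes(16)))
```

A non-empty result from `stale_entries(parse_keytab(data))` after a password change means an old key is still present in the keytab.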