21 * questions. |
21 * questions. |
22 */ |
22 */ |
23 |
23 |
24 /* |
24 /* |
25 * @test |
25 * @test |
26 * @bug 6951366 |
26 * @bug 6932525 6951366 6959292 |
27 * @summary kerberos login failure on win2008 with AD set to win2000 compat mode |
27 * @summary kerberos login failure on win2008 with AD set to win2000 compat mode |
|
28 * and cannot login if session key and preauth does not use the same etype |
28 */ |
29 */ |
29 import com.sun.security.auth.module.Krb5LoginModule; |
30 import com.sun.security.auth.module.Krb5LoginModule; |
30 import java.io.File; |
31 import java.io.File; |
31 import sun.security.krb5.Config; |
32 import sun.security.krb5.Config; |
32 import sun.security.krb5.EncryptedData; |
33 import sun.security.krb5.EncryptedData; |
50 |
51 |
51 kdc.writeKtab(OneKDC.KTAB); |
52 kdc.writeKtab(OneKDC.KTAB); |
52 new File(OneKDC.KRB5_CONF).deleteOnExit(); |
53 new File(OneKDC.KRB5_CONF).deleteOnExit(); |
53 new File(OneKDC.KTAB).deleteOnExit(); |
54 new File(OneKDC.KTAB).deleteOnExit(); |
54 |
55 |
55 kdc.setOption(KDC.Option.ONLY_RC4_TGT, true); |
|
56 |
|
57 KeyTab ktab = KeyTab.getInstance(OneKDC.KTAB); |
56 KeyTab ktab = KeyTab.getInstance(OneKDC.KTAB); |
58 for (int etype: EType.getBuiltInDefaults()) { |
57 for (int etype: EType.getBuiltInDefaults()) { |
59 if (etype != EncryptedData.ETYPE_ARCFOUR_HMAC) { |
58 if (etype != EncryptedData.ETYPE_ARCFOUR_HMAC) { |
60 ktab.deleteEntry(new PrincipalName(OneKDC.USER), etype); |
59 ktab.deleteEntry(new PrincipalName(OneKDC.USER), etype); |
61 } |
60 } |
62 } |
61 } |
63 ktab.save(); |
62 ktab.save(); |
|
63 |
|
64 // For 6932525 and 6951366, make sure the etypes sent in 2nd AS-REQ |
|
65 // is not restricted to that of preauth |
|
66 kdc.setOption(KDC.Option.ONLY_RC4_TGT, true); |
|
67 x.go(); |
|
68 |
|
69 // For 6959292, make sure that when etype for enc-part in 2nd AS-REQ |
|
70 // is different from that of preauth, client can still decrypt it |
|
71 kdc.setOption(KDC.Option.ONLY_RC4_PREAUTH, true); |
64 x.go(); |
72 x.go(); |
65 } |
73 } |
66 |
74 |
67 void go() throws Exception { |
75 void go() throws Exception { |
68 Krb5LoginModule krb5 = new Krb5LoginModule(); |
76 Krb5LoginModule krb5 = new Krb5LoginModule(); |