change-password.exp [plain text]
load_lib "helpers.exp"
set timeout 30
spawn stty -a
expect { eof {} }
wait
# Setup: make sure the principals we will use have V4 salt
fix_salt "CPW.setup" testuser notathena notathena
fix_salt "CPW.setup" pol1 pol111111 pol111111
fix_salt "CPW.setup" pol2 pol222222 pol222222
unexpire "CPW.setup" testuser
unexpire "CPW.setup" pol1
unexpire "CPW.setup" pol2
unexpire "CPW.setup" changepw/kerberos
server_start "CPW.all" "-n" 1 {
"KADM Server starting in the OVSEC_KADM mode" {}
}
kpasswd_v4 CPW.1 testuser 0 notathena foobar { "Password changed." {} }
kpasswd_v4 CPW.1 testuser 0 foobar notathena { "Password changed." {} }
kpasswd_v4 CPW.3 pol1 -1 pol111111 foo {
"New password is too short." {}
} {
"$kpasswd_v4: Insecure password rejected while attempting to change password." { send "\003\n"; close; break }
}
kpasswd_v4 CPW.4 pol1 -1 pol111111 foooooooo {
"New password does not have enough character classes." {}
} {
"$kpasswd_v4: Insecure password rejected while attempting to change password." { send "\003\n"; close; break }
}
kpasswd_v4 CPW.5 pol1 -1 pol111111 Abyssinia {
"New password was found in a dictionary" {}
} {
"$kpasswd_v4: Insecure password rejected while attempting to change password." { send "\003\n"; close; break }
}
kpasswd_v4 CPW.6.setup pol1 0 pol111111 polAAAAAA { "Password changed." {} }
kpasswd_v4 CPW.6 pol1 -1 polAAAAAA pol111111 {
"New password was used previously." {}
} {
"$kpasswd_v4: Insecure password rejected while attempting to change password." { send "\003\n"; close; break }
}
# We used to use kdb5_edit, which reset last_pwd_change. Now we used
# kadmin.local, which doesn't, so we have to wait out the min life.
exec $sleep 30
kpasswd_v4 CPW.7.setup pol2 0 pol222222 polBBBBBB { "Password changed." {} }
kpasswd_v4 CPW.7 pol2 -1 polBBBBBB pol222222 {
"Password cannot be changed because it was changed too recently." {}
} {
"$kpasswd_v4: Insecure password rejected while attempting to change password." { send "\003\n"; close; break }
}
server_exit "CPW.all" -1