rpms / ipa

Clone
Source Code
GIT

Blame SOURCES/0033-test_krbtpolicy-skip-SPAKE-related-tests-in-FIPS-mod.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-DL1 c8-beta-stream-client c8-stream-DL1 c8-stream-client c8s-stream-DL1 c8s-stream-client c9 c9-beta
  1.   bb0ded7c797df5267e7e8c6deb2bc5746f4fdc1f
  2.   SOURCES
  3.   0033-test_krbtpolicy-skip-SPAKE-related-tests-in-FIPS-mod.patch
Blob History Raw
bb0ded 
From 2e70535f74e7d9dd76e728eca1119ce522fd138a Mon Sep 17 00:00:00 2001
bb0ded 
From: Alexander Bokovoy <abokovoy@redhat.com>
bb0ded 
Date: Tue, 15 Mar 2022 11:39:46 +0200
bb0ded 
Subject: [PATCH] test_krbtpolicy: skip SPAKE-related tests in FIPS mode
bb0ded
bb0ded 
SPAKE is based on the crypto primitives which are not FIPS compliant
bb0ded 
yet. This means that in FIPS mode use of 'hardened' authentication
bb0ded 
indicator is not possible. Skip corresponding tests in FIPS mode.
bb0ded
bb0ded 
Related: https://pagure.io/freeipa/issue/9119
bb0ded
bb0ded 
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
bb0ded 
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
bb0ded 
---
bb0ded 
 ipatests/test_integration/test_krbtpolicy.py | 6 ++++++
bb0ded 
 1 file changed, 6 insertions(+)
bb0ded
bb0ded 
diff --git a/ipatests/test_integration/test_krbtpolicy.py b/ipatests/test_integration/test_krbtpolicy.py
bb0ded 
index 9489fbc97b7836aecf491b57627f254d4849eb56..eae16247bdfb195c1d91209cf2d11eac4c25018f 100644
bb0ded 
--- a/ipatests/test_integration/test_krbtpolicy.py
bb0ded 
+++ b/ipatests/test_integration/test_krbtpolicy.py
bb0ded 
@@ -105,6 +105,9 @@ class TestPWPolicy(IntegrationTest):
bb0ded
bb0ded 
     def test_krbtpolicy_password_and_hardended(self):
bb0ded 
         """Test a pwd and hardened kerberos ticket policy with 10min tickets"""
bb0ded 
+        if self.master.is_fips_mode:
bb0ded 
+            pytest.skip("SPAKE pre-auth is not compatible with FIPS mode")
bb0ded 
+
bb0ded 
         master = self.master
bb0ded 
         master.run_command(['ipa', 'user-mod', USER1,
bb0ded 
                             '--user-auth-type', 'password',
bb0ded 
@@ -133,6 +136,9 @@ class TestPWPolicy(IntegrationTest):
bb0ded
bb0ded 
     def test_krbtpolicy_hardended(self):
bb0ded 
         """Test a hardened kerberos ticket policy with 30min tickets"""
bb0ded 
+        if self.master.is_fips_mode:
bb0ded 
+            pytest.skip("SPAKE pre-auth is not compatible with FIPS mode")
bb0ded 
+
bb0ded 
         master = self.master
bb0ded 
         master.run_command(['ipa', 'user-mod', USER1,
bb0ded 
                             '--user-auth-type', 'hardened'])
bb0ded 
--
bb0ded 
2.34.1
bb0ded

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation