45 lines
1.8 KiB
Diff
45 lines
1.8 KiB
Diff
From 2e70535f74e7d9dd76e728eca1119ce522fd138a Mon Sep 17 00:00:00 2001
|
|
From: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Date: Tue, 15 Mar 2022 11:39:46 +0200
|
|
Subject: [PATCH] test_krbtpolicy: skip SPAKE-related tests in FIPS mode
|
|
|
|
SPAKE is based on the crypto primitives which are not FIPS compliant
|
|
yet. This means that in FIPS mode use of 'hardened' authentication
|
|
indicator is not possible. Skip corresponding tests in FIPS mode.
|
|
|
|
Related: https://pagure.io/freeipa/issue/9119
|
|
|
|
Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
Reviewed-By: Francisco Trivino <ftrivino@redhat.com>
|
|
---
|
|
ipatests/test_integration/test_krbtpolicy.py | 6 ++++++
|
|
1 file changed, 6 insertions(+)
|
|
|
|
diff --git a/ipatests/test_integration/test_krbtpolicy.py b/ipatests/test_integration/test_krbtpolicy.py
|
|
index 9489fbc97b7836aecf491b57627f254d4849eb56..eae16247bdfb195c1d91209cf2d11eac4c25018f 100644
|
|
--- a/ipatests/test_integration/test_krbtpolicy.py
|
|
+++ b/ipatests/test_integration/test_krbtpolicy.py
|
|
@@ -105,6 +105,9 @@ class TestPWPolicy(IntegrationTest):
|
|
|
|
def test_krbtpolicy_password_and_hardended(self):
|
|
"""Test a pwd and hardened kerberos ticket policy with 10min tickets"""
|
|
+ if self.master.is_fips_mode:
|
|
+ pytest.skip("SPAKE pre-auth is not compatible with FIPS mode")
|
|
+
|
|
master = self.master
|
|
master.run_command(['ipa', 'user-mod', USER1,
|
|
'--user-auth-type', 'password',
|
|
@@ -133,6 +136,9 @@ class TestPWPolicy(IntegrationTest):
|
|
|
|
def test_krbtpolicy_hardended(self):
|
|
"""Test a hardened kerberos ticket policy with 30min tickets"""
|
|
+ if self.master.is_fips_mode:
|
|
+ pytest.skip("SPAKE pre-auth is not compatible with FIPS mode")
|
|
+
|
|
master = self.master
|
|
master.run_command(['ipa', 'user-mod', USER1,
|
|
'--user-auth-type', 'hardened'])
|
|
--
|
|
2.34.1
|
|
|