aboutsummaryrefslogtreecommitdiff
path: root/tests/data/scripts/expired
diff options
context:
space:
mode:
Diffstat (limited to 'tests/data/scripts/expired')
-rw-r--r--tests/data/scripts/expired/basic-heimdal31
-rw-r--r--tests/data/scripts/expired/basic-heimdal-debug44
-rw-r--r--tests/data/scripts/expired/basic-heimdal-flag-silent27
-rw-r--r--tests/data/scripts/expired/basic-heimdal-old30
-rw-r--r--tests/data/scripts/expired/basic-heimdal-old-debug43
-rw-r--r--tests/data/scripts/expired/basic-heimdal-silent27
-rw-r--r--tests/data/scripts/expired/basic-mit28
-rw-r--r--tests/data/scripts/expired/basic-mit-debug41
-rw-r--r--tests/data/scripts/expired/basic-mit-flag-silent27
-rw-r--r--tests/data/scripts/expired/basic-mit-silent27
-rw-r--r--tests/data/scripts/expired/defer-mit33
-rw-r--r--tests/data/scripts/expired/defer-mit-debug57
-rw-r--r--tests/data/scripts/expired/fail20
-rw-r--r--tests/data/scripts/expired/fail-debug24
14 files changed, 459 insertions, 0 deletions
diff --git a/tests/data/scripts/expired/basic-heimdal b/tests/data/scripts/expired/basic-heimdal
new file mode 100644
index 000000000000..2b4f471cf247
--- /dev/null
+++ b/tests/data/scripts/expired/basic-heimdal
@@ -0,0 +1,31 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2017, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login
+ account = ignore_k5login
+ password = ignore_k5login
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ info = Password has expired
+ info = Your password will expire at %1
+ info = Changing password
+ echo_off = New password: |%n
+ echo_off = Repeat new password: |%n
+ info = Success: Password changed
+
+[output]
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/basic-heimdal-debug b/tests/data/scripts/expired/basic-heimdal-debug
new file mode 100644
index 000000000000..a18cc00c71a9
--- /dev/null
+++ b/tests/data/scripts/expired/basic-heimdal-debug
@@ -0,0 +1,44 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2017, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login debug
+ account = ignore_k5login debug
+ password = ignore_k5login debug
+ session = debug
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ info = Password has expired
+ info = Your password will expire at %1
+ info = Changing password
+ echo_off = New password: |%n
+ echo_off = Repeat new password: |%n
+ info = Success: Password changed
+
+[output]
+ DEBUG pam_sm_authenticate: entry
+ DEBUG (user %u) attempting authentication as %0
+ INFO user %u authenticated as %0
+ DEBUG /^\(user %u\) temporarily storing credentials in /tmp/krb5cc_pam_/
+ DEBUG pam_sm_authenticate: exit (success)
+ DEBUG pam_sm_acct_mgmt: entry
+ DEBUG (user %u) retrieving principal from cache
+ DEBUG pam_sm_acct_mgmt: exit (success)
+ DEBUG pam_sm_open_session: entry
+ DEBUG /^\(user %u\) initializing ticket cache FILE:/tmp/krb5cc_/
+ DEBUG pam_sm_open_session: exit (success)
+ DEBUG pam_sm_close_session: entry
+ DEBUG pam_sm_close_session: exit (success)
diff --git a/tests/data/scripts/expired/basic-heimdal-flag-silent b/tests/data/scripts/expired/basic-heimdal-flag-silent
new file mode 100644
index 000000000000..58e065b485bb
--- /dev/null
+++ b/tests/data/scripts/expired/basic-heimdal-flag-silent
@@ -0,0 +1,27 @@
+# Test default handling of expired passwords with PAM_SILENT. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login
+ account = ignore_k5login
+ password = ignore_k5login
+
+[run]
+ authenticate(SILENT) = PAM_SUCCESS
+ acct_mgmt(SILENT) = PAM_SUCCESS
+ open_session(SILENT) = PAM_SUCCESS
+ close_session(SILENT) = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ echo_off = New password: |%n
+ echo_off = Repeat new password: |%n
+
+[output]
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/basic-heimdal-old b/tests/data/scripts/expired/basic-heimdal-old
new file mode 100644
index 000000000000..dd67ec44df7c
--- /dev/null
+++ b/tests/data/scripts/expired/basic-heimdal-old
@@ -0,0 +1,30 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login
+ account = ignore_k5login
+ password = ignore_k5login
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ info = Your password will expire at %1
+ info = Changing password
+ echo_off = New password: |%n
+ echo_off = Repeat new password: |%n
+ info = Success: Password changed
+
+[output]
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/basic-heimdal-old-debug b/tests/data/scripts/expired/basic-heimdal-old-debug
new file mode 100644
index 000000000000..53267f5fac62
--- /dev/null
+++ b/tests/data/scripts/expired/basic-heimdal-old-debug
@@ -0,0 +1,43 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login debug
+ account = ignore_k5login debug
+ password = ignore_k5login debug
+ session = debug
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ info = Your password will expire at %1
+ info = Changing password
+ echo_off = New password: |%n
+ echo_off = Repeat new password: |%n
+ info = Success: Password changed
+
+[output]
+ DEBUG pam_sm_authenticate: entry
+ DEBUG (user %u) attempting authentication as %0
+ INFO user %u authenticated as %0
+ DEBUG /^\(user %u\) temporarily storing credentials in /tmp/krb5cc_pam_/
+ DEBUG pam_sm_authenticate: exit (success)
+ DEBUG pam_sm_acct_mgmt: entry
+ DEBUG (user %u) retrieving principal from cache
+ DEBUG pam_sm_acct_mgmt: exit (success)
+ DEBUG pam_sm_open_session: entry
+ DEBUG /^\(user %u\) initializing ticket cache FILE:/tmp/krb5cc_/
+ DEBUG pam_sm_open_session: exit (success)
+ DEBUG pam_sm_close_session: entry
+ DEBUG pam_sm_close_session: exit (success)
diff --git a/tests/data/scripts/expired/basic-heimdal-silent b/tests/data/scripts/expired/basic-heimdal-silent
new file mode 100644
index 000000000000..028d5fe382f6
--- /dev/null
+++ b/tests/data/scripts/expired/basic-heimdal-silent
@@ -0,0 +1,27 @@
+# Test default handling of expired passwords with silent. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login silent
+ account = ignore_k5login silent
+ password = ignore_k5login silent
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ echo_off = New password: |%n
+ echo_off = Repeat new password: |%n
+
+[output]
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/basic-mit b/tests/data/scripts/expired/basic-mit
new file mode 100644
index 000000000000..9611381b4ce9
--- /dev/null
+++ b/tests/data/scripts/expired/basic-mit
@@ -0,0 +1,28 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login
+ account = ignore_k5login
+ password = ignore_k5login
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ info = Password expired. You must change it now.
+ echo_off = Enter new password: |%n
+ echo_off = Enter it again: |%n
+
+[output]
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/basic-mit-debug b/tests/data/scripts/expired/basic-mit-debug
new file mode 100644
index 000000000000..5b58b25b8ec2
--- /dev/null
+++ b/tests/data/scripts/expired/basic-mit-debug
@@ -0,0 +1,41 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login debug
+ account = ignore_k5login debug
+ password = ignore_k5login debug
+ session = debug
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ info = Password expired. You must change it now.
+ echo_off = Enter new password: |%n
+ echo_off = Enter it again: |%n
+
+[output]
+ DEBUG pam_sm_authenticate: entry
+ DEBUG (user %u) attempting authentication as %0
+ INFO user %u authenticated as %0
+ DEBUG /^\(user %u\) temporarily storing credentials in /tmp/krb5cc_pam_/
+ DEBUG pam_sm_authenticate: exit (success)
+ DEBUG pam_sm_acct_mgmt: entry
+ DEBUG (user %u) retrieving principal from cache
+ DEBUG pam_sm_acct_mgmt: exit (success)
+ DEBUG pam_sm_open_session: entry
+ DEBUG /^\(user %u\) initializing ticket cache FILE:/tmp/krb5cc_/
+ DEBUG pam_sm_open_session: exit (success)
+ DEBUG pam_sm_close_session: entry
+ DEBUG pam_sm_close_session: exit (success)
diff --git a/tests/data/scripts/expired/basic-mit-flag-silent b/tests/data/scripts/expired/basic-mit-flag-silent
new file mode 100644
index 000000000000..a13bffdeea44
--- /dev/null
+++ b/tests/data/scripts/expired/basic-mit-flag-silent
@@ -0,0 +1,27 @@
+# Test default handling of expired passwords with PAM_SILENT. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login
+ account = ignore_k5login
+ password = ignore_k5login
+
+[run]
+ authenticate(SILENT) = PAM_SUCCESS
+ acct_mgmt(SILENT) = PAM_SUCCESS
+ open_session(SILENT) = PAM_SUCCESS
+ close_session(SILENT) = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ echo_off = Enter new password: |%n
+ echo_off = Enter it again: |%n
+
+[output]
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/basic-mit-silent b/tests/data/scripts/expired/basic-mit-silent
new file mode 100644
index 000000000000..7dea2b7bdd4e
--- /dev/null
+++ b/tests/data/scripts/expired/basic-mit-silent
@@ -0,0 +1,27 @@
+# Test default handling of expired passwords with silent. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login silent
+ account = ignore_k5login silent
+ password = ignore_k5login silent
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Password: |%p
+ echo_off = Enter new password: |%n
+ echo_off = Enter it again: |%n
+
+[output]
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/defer-mit b/tests/data/scripts/expired/defer-mit
new file mode 100644
index 000000000000..7403edbfdbbf
--- /dev/null
+++ b/tests/data/scripts/expired/defer-mit
@@ -0,0 +1,33 @@
+# Test deferring handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = defer_pwchange use_first_pass
+ account = ignore_k5login
+ password = ignore_k5login use_first_pass
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_NEW_AUTHTOK_REQD
+ chauthtok(PRELIM_CHECK) = PAM_SUCCESS
+ chauthtok(UPDATE_AUTHTOK) = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Current Kerberos password: |%p
+ echo_off = Enter new Kerberos password: |%n
+ echo_off = Retype new Kerberos password: |%n
+
+[output]
+ INFO user %u authenticated as %0 (expired)
+ INFO user %u account password is expired
+ INFO user %u changed Kerberos password
+ INFO user %u authenticated as %0
diff --git a/tests/data/scripts/expired/defer-mit-debug b/tests/data/scripts/expired/defer-mit-debug
new file mode 100644
index 000000000000..c637f39402f7
--- /dev/null
+++ b/tests/data/scripts/expired/defer-mit-debug
@@ -0,0 +1,57 @@
+# Test deferring handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = defer_pwchange use_first_pass debug
+ account = ignore_k5login debug
+ password = ignore_k5login use_first_pass debug
+ session = debug
+
+[run]
+ authenticate = PAM_SUCCESS
+ acct_mgmt = PAM_NEW_AUTHTOK_REQD
+ chauthtok(PRELIM_CHECK) = PAM_SUCCESS
+ chauthtok(UPDATE_AUTHTOK) = PAM_SUCCESS
+ acct_mgmt = PAM_SUCCESS
+ open_session = PAM_SUCCESS
+ close_session = PAM_SUCCESS
+
+[prompts]
+ echo_off = Current Kerberos password: |%p
+ echo_off = Enter new Kerberos password: |%n
+ echo_off = Retype new Kerberos password: |%n
+
+[output]
+ DEBUG pam_sm_authenticate: entry
+ DEBUG (user %u) attempting authentication as %0
+ DEBUG (user %u) krb5_get_init_creds_password: Password has expired
+ DEBUG (user %u) expired account, deferring failure
+ INFO user %u authenticated as %0 (expired)
+ DEBUG pam_sm_authenticate: exit (success)
+ DEBUG pam_sm_acct_mgmt: entry
+ INFO user %u account password is expired
+ DEBUG pam_sm_acct_mgmt: exit (failure)
+ DEBUG pam_sm_chauthtok: entry (prelim)
+ DEBUG (user %u) attempting authentication as %0 for kadmin/changepw
+ DEBUG pam_sm_chauthtok: exit (success)
+ DEBUG pam_sm_chauthtok: entry (update)
+ INFO user %u changed Kerberos password
+ DEBUG (user %u) obtaining credentials with new password
+ DEBUG (user %u) attempting authentication as %0
+ INFO user %u authenticated as %0
+ DEBUG /^\(user %u\) temporarily storing credentials in /tmp/krb5cc_pam_/
+ DEBUG pam_sm_chauthtok: exit (success)
+ DEBUG pam_sm_acct_mgmt: entry
+ DEBUG (user %u) retrieving principal from cache
+ DEBUG pam_sm_acct_mgmt: exit (success)
+ DEBUG pam_sm_open_session: entry
+ DEBUG /^\(user %u\) initializing ticket cache FILE:/tmp/krb5cc_/
+ DEBUG pam_sm_open_session: exit (success)
+ DEBUG pam_sm_close_session: entry
+ DEBUG pam_sm_close_session: exit (success)
diff --git a/tests/data/scripts/expired/fail b/tests/data/scripts/expired/fail
new file mode 100644
index 000000000000..566b4b9c73dc
--- /dev/null
+++ b/tests/data/scripts/expired/fail
@@ -0,0 +1,20 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login fail_pwchange
+
+[run]
+ authenticate = PAM_AUTH_ERR
+
+[prompts]
+ echo_off = Password: |%p
+
+[output]
+ NOTICE authentication failure; logname=%u uid=%i euid=%i tty= ruser= rhost=
diff --git a/tests/data/scripts/expired/fail-debug b/tests/data/scripts/expired/fail-debug
new file mode 100644
index 000000000000..7f464b4ed89f
--- /dev/null
+++ b/tests/data/scripts/expired/fail-debug
@@ -0,0 +1,24 @@
+# Test default handling of expired passwords. -*- conf -*-
+#
+# Written by Russ Allbery <eagle@eyrie.org>
+# Copyright 2014, 2020 Russ Allbery <eagle@eyrie.org>
+# Copyright 2010-2011
+# The Board of Trustees of the Leland Stanford Junior University
+#
+# SPDX-License-Identifier: BSD-3-clause or GPL-1+
+
+[options]
+ auth = ignore_k5login fail_pwchange debug
+
+[run]
+ authenticate = PAM_AUTH_ERR
+
+[prompts]
+ echo_off = Password: |%p
+
+[output]
+ DEBUG pam_sm_authenticate: entry
+ DEBUG (user %u) attempting authentication as %0
+ DEBUG /^\(user %u\) krb5_get_init_creds_password: /
+ NOTICE authentication failure; logname=%u uid=%i euid=%i tty= ruser= rhost=
+ DEBUG pam_sm_authenticate: exit (failure)
generated by cgit v1.2.3 (git 2.25.1) at 2026-02-23 20:18:08 +0000