aboutsummaryrefslogtreecommitdiff
path: root/src/test/kerberos/t/001_auth.pl
diff options
context:
space:
mode:
Diffstat (limited to 'src/test/kerberos/t/001_auth.pl')
-rw-r--r--src/test/kerberos/t/001_auth.pl36
1 files changed, 36 insertions, 0 deletions
diff --git a/src/test/kerberos/t/001_auth.pl b/src/test/kerberos/t/001_auth.pl
index 3bc4ad7dd36..a0ed3a0a0b5 100644
--- a/src/test/kerberos/t/001_auth.pl
+++ b/src/test/kerberos/t/001_auth.pl
@@ -337,6 +337,32 @@ test_query(
'gssencmode=require',
'sending 100K lines works');
+# require_auth=gss succeeds if required.
+$node->connect_ok(
+ $node->connstr('postgres')
+ . " user=test1 host=$host hostaddr=$hostaddr gssencmode=disable require_auth=gss",
+ "GSS authentication requested, works with non-encyrpted GSS");
+$node->connect_ok(
+ $node->connstr('postgres')
+ . " user=test1 host=$host hostaddr=$hostaddr gssencmode=require require_auth=gss",
+ "GSS authentication requested, works with encrypted GSS auth");
+
+# require_auth=sspi fails if required.
+$node->connect_fails(
+ $node->connstr('postgres')
+ . " user=test1 host=$host hostaddr=$hostaddr gssencmode=disable require_auth=sspi",
+ "SSPI authentication requested, fails with non-encrypted GSS",
+ expected_stderr =>
+ qr/auth method "sspi" requirement failed: server requested GSSAPI authentication/
+);
+$node->connect_fails(
+ $node->connstr('postgres')
+ . " user=test1 host=$host hostaddr=$hostaddr gssencmode=require require_auth=sspi",
+ "SSPI authentication requested, fails with encrypted GSS",
+ expected_stderr =>
+ qr/auth method "sspi" requirement failed: server did not complete authentication/
+);
+
# Test that SYSTEM_USER works.
test_query($node, 'test1', 'SELECT SYSTEM_USER;',
qr/^gss:test1\@$realm$/s, 'gssencmode=require', 'testing system_user');
@@ -382,6 +408,16 @@ test_access(
test_access($node, 'test1', 'SELECT true', 2, 'gssencmode=disable',
'fails with GSS encryption disabled and hostgssenc hba');
+# require_auth=gss succeeds if required.
+$node->connect_ok(
+ $node->connstr('postgres')
+ . " user=test1 host=$host hostaddr=$hostaddr gssencmode=require require_auth=gss",
+ "GSS authentication requested, works with GSS encryption");
+$node->connect_ok(
+ $node->connstr('postgres')
+ . " user=test1 host=$host hostaddr=$hostaddr gssencmode=require require_auth=gss,scram-sha-256",
+ "multiple authentication types requested, works with GSS encryption");
+
unlink($node->data_dir . '/pg_hba.conf');
$node->append_conf('pg_hba.conf',
qq{hostnogssenc all all $hostaddr/32 gss map=mymap});
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-07 02:42:04 +0000