testprogs: Use new kerberos options for smbclient(4) tests

Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
author: Andreas Schneider <asn@samba.org> 2020-11-19 17:43:58 +0100
committer: Andrew Bartlett <abartlet@samba.org> 2021-06-16 00:34:38 +0000
commit: c01213471fe77c6b07c1008a4b4f5153afffa71e (patch)
tree: a253c9e0683a269ba128e9052ae37a4a032f3c4e /testprogs
parent: b49a8605563c90467b5e22cea755bdbf1248c846 (diff)
download: samba-c01213471fe77c6b07c1008a4b4f5153afffa71e.tar.gz
10 files changed, 91 insertions, 91 deletions
diff --git a/testprogs/blackbox/test_chgdcpass.sh b/testprogs/blackbox/test_chgdcpass.sh
index 1c8659ecc92..54137b980ca 100755
--- a/testprogs/blackbox/test_chgdcpass.sh
+++ b/testprogs/blackbox/test_chgdcpass.sh
@@ -69,7 +69,7 @@ else
 fi
 
 #This is important because it puts the ticket for the old KVNO and password into a local ccache
-test_smbclient "Test login with kerberos ccache before password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache before password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 #check that drs bind works before we change the password (prime the ccache)
 test_drs bind "Test drs bind with with kerberos ccache" || failed=`expr $failed + 1`
@@ -80,7 +80,7 @@ test_drs options "Test drs options with with kerberos ccache" || failed=`expr $f
 testit "change dc password" $PYTHON $samba4srcdir/scripting/devel/chgtdcpass --configfile=$PROVDIR/etc/smb.conf || failed=`expr $failed + 1`
 
 #This is important because it shows that the old ticket remains valid (as it must) for incoming connections after the DC password is changed
-test_smbclient "Test login with kerberos ccache after password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache after password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 #check that drs bind works after we change the password
 test_drs bind "Test drs bind with new password" || failed=`expr $failed + 1`
@@ -92,7 +92,7 @@ testit "change dc password (2nd time)" $PYTHON $samba4srcdir/scripting/devel/chg
 
 # This is important because it shows that the old ticket is discarded if the server rejects it (as it must) after the password was changed twice in succession.
 # This also ensures we handle the case where the domain is re-provisioned etc
-test_smbclient "Test login with kerberos ccache after 2nd password change" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache after 2nd password change" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 #check that drs bind works after we change the password a 2nd time
 test_drs bind "Test drs bind after 2nd password change" || failed=`expr $failed + 1`
@@ -106,7 +106,7 @@ if [ $heimdal -eq 1 ]; then
 else
 	testit "kinit with keytab" $samba4kinit -k -t $PROVDIR/private/secrets.keytab $USERNAME || failed=`expr $failed + 1`
 fi
-test_smbclient "Test login with kerberos ccache with fresh kinit" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache with fresh kinit" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME
 
diff --git a/testprogs/blackbox/test_export_keytab_heimdal.sh b/testprogs/blackbox/test_export_keytab_heimdal.sh
index 6a2595cd684..d595650e46b 100755
--- a/testprogs/blackbox/test_export_keytab_heimdal.sh
+++ b/testprogs/blackbox/test_export_keytab_heimdal.sh
@@ -86,11 +86,11 @@ export KRB5CCNAME
 
 testit "kinit with keytab as user" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "kinit with keytab as user (2)" $VALGRIND $samba4kinit --keytab=$PREFIX/tmpkeytab-2 --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache as user (2)" 'ls' "$unc"  --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 KRB5CCNAME="$PREFIX/tmpadminccache"
 export KRB5CCNAME
diff --git a/testprogs/blackbox/test_export_keytab_mit.sh b/testprogs/blackbox/test_export_keytab_mit.sh
index f18668008f9..3e80605e8f3 100755
--- a/testprogs/blackbox/test_export_keytab_mit.sh
+++ b/testprogs/blackbox/test_export_keytab_mit.sh
@@ -109,11 +109,11 @@ KRB5CCNAME="$PREFIX/tmpuserccache"
 export KRB5CCNAME
 
 testit "kinit with keytab as user" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-all $TEST_USER@$REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-kerberos=required || failed=`expr $failed + 1`
 $samba_kdestroy
 
 testit "kinit with keytab as user (one princ)" $VALGRIND $samba_kinit -k -t $PREFIX/tmpkeytab-user-princ $TEST_USER@$REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache (one princ)" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (one princ)" 'ls' --use-kerberos=required || failed=`expr $failed + 1`
 $samba_kdestroy
 
 KRB5CCNAME="$PREFIX/tmpadminccache"
diff --git a/testprogs/blackbox/test_kinit_heimdal.sh b/testprogs/blackbox/test_kinit_heimdal.sh
index a17fd190179..99fcb5482a2 100755
--- a/testprogs/blackbox/test_kinit_heimdal.sh
+++ b/testprogs/blackbox/test_kinit_heimdal.sh
@@ -67,17 +67,17 @@ testit "reset password policies beside of minimum password age of 0 days" $VALGR
 
 echo $PASSWORD > $PREFIX/tmppassfile
 testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "kinit with password (windows style)" $samba4kinit $enctype  --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
 
-test_smbclient "Test login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
 
@@ -110,7 +110,7 @@ export KRB5CCNAME
 rm -f $KRB5CCNAME_PATH
 testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 NEWUSERPASS=testPaSS@34%
 testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -Unettestuser%$USERPASS $CONFIGURATION -k no --newpassword=$NEWUSERPASS $@ || failed=`expr $failed + 1`
@@ -119,20 +119,20 @@ echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
 rm -f $KRB5CCNAME_PATH
 testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 
 rm -f $KRB5CCNAME_PATH
 testit "kinit with password (NT-Principal style) using UPN" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME_PATH
 testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME_PATH
 testit "kinit with password (windows style) using UPN" $samba4kinit $enctype  --renewable --windows --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache from windows UPN" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 cat > $PREFIX/tmpldbmodify <<EOF
 dn: cn=nettestuser,cn=users,$BASEDN
@@ -145,7 +145,7 @@ testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify
 
 rm -f $KRB5CCNAME_PATH
 testit "kinit with password (enterprise style) using UPN" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmpuserpassfile --request-pac nettest@$REALM.org   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache from enterprise UPN, different domain" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 
 USERPASS=$NEWUSERPASS
@@ -170,7 +170,7 @@ testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype -
 NEWUSERPASS=testPaSS@78%
 echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
 
-test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 cat > $PREFIX/tmpkpasswdscript <<EOF
 expect New password
@@ -185,7 +185,7 @@ testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba
 rm -f $KRB5CCNAME_PATH
 testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 NEWUSERPASS=testPaSS@910%
 echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
@@ -202,7 +202,7 @@ testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFI
 
 testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 cat > $PREFIX/tmpldbmodify <<EOF
 dn: cn=nettestuser,cn=users,$BASEDN
@@ -230,12 +230,12 @@ EOF
 
 testit "kinit with user password for expired password" $texpect $PREFIX/tmppasswordchange $samba4kinit $enctype --request-pac nettestuser@$REALM && failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
 testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM   || failed=`expr $failed + 1`
 
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 KRB5CCNAME_PATH="$PREFIX/tmpccache"
 KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
@@ -244,14 +244,14 @@ export KRB5CCNAME
 rm -rf $KRB5CCNAME_PATH
 
 lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
-test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" -k yes -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" -k yes -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
 
 testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME_PATH
 testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
-test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test machine account login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
 
diff --git a/testprogs/blackbox/test_kinit_mit.sh b/testprogs/blackbox/test_kinit_mit.sh
index c428dac0386..66e8a284e6d 100755
--- a/testprogs/blackbox/test_kinit_mit.sh
+++ b/testprogs/blackbox/test_kinit_mit.sh
@@ -81,10 +81,10 @@ EOF
 ###########################################################
 
 testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $USERNAME@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "kinit renew ticket" $samba_kinit -R   || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
@@ -93,11 +93,11 @@ $samba_kdestroy
 ###########################################################
 
 testit "kinit with password (enterprise style)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $USERNAME@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 # This does not work with MIT Kerberos 1.14 or older
 testit "kinit renew ticket (enterprise style)" $samba_kinit -R   || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
@@ -155,7 +155,7 @@ send ${USERPASS}\n
 EOF
 
 testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 ### Change password
 
@@ -168,7 +168,7 @@ send ${NEWUSERPASS}\n
 EOF
 
 testit "kinit with new user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
@@ -177,12 +177,12 @@ $samba_kdestroy
 ###########################################################
 
 testit "kinit with new (NT-Principal style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettest@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache from NT UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
 testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
@@ -200,7 +200,7 @@ EOF
 testit "modify userPrincipalName to be a different domain" $VALGRIND $ldbmodify $ADMIN_LDBMODIFY_CONFIG $PREFIX/tmpldbmodify $PREFIX/tmpldbmodify -k yes $@ || failed=`expr $failed + 1`
 
 testit "kinit with new (enterprise style) using UPN" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit -E nettest@$REALM.org   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache from enterprise UPN" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
@@ -209,7 +209,7 @@ $samba_kdestroy
 ###########################################################
 
 testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 USERPASS=$NEWUSERPASS
 NEWUSERPASS=testPaSS@56%
@@ -235,7 +235,7 @@ send ${USERPASS}\n
 EOF
 
 testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
@@ -272,7 +272,7 @@ send ${NEWUSERPASS}\n
 EOF
 
 testit "kinit (MIT) with user password for expired password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 USERPASS=$NEWUSERPASS
 cat > $PREFIX/tmpkinituserpassscript <<EOF
@@ -281,7 +281,7 @@ send ${USERPASS}\n
 EOF
 
 testit "kinit with user password" $samba_texpect $PREFIX/tmpkinituserpassscript $samba_kinit nettestuser@$REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 ###########################################################
 ### Test login with lowercase realm
@@ -294,8 +294,8 @@ export KRB5CCNAME
 rm -rf $KRB5CCNAME_PATH
 
 lowerrealm=$(echo $REALM | tr '[A-Z]' '[a-z]')
-test_smbclient "Test login with user kerberos lowercase realm" 'ls' -k yes -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' -k yes -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -Unettestuser@$lowerrealm%$NEWUSERPASS || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -Unettestuser@$REALM%$NEWUSERPASS --realm=$lowerrealm || failed=`expr $failed + 1`
 
 testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete nettestuser $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
 
@@ -305,7 +305,7 @@ testit "del user with kerberos ccache" $VALGRIND $PYTHON $samba_tool user delete
 
 rm -f $KRB5CCNAME_PATH
 testit "kinit with machineaccountccache script" $PYTHON $machineaccountccache $CONFIGURATION $KRB5CCNAME || failed=`expr $failed + 1`
-test_smbclient "Test machine account login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test machine account login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "reset password policies" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=default --max-pwd-age=default || failed=`expr $failed + 1`
 
diff --git a/testprogs/blackbox/test_kinit_trusts_heimdal.sh b/testprogs/blackbox/test_kinit_trusts_heimdal.sh
index bf0b81a0473..f971a8fcde2 100755
--- a/testprogs/blackbox/test_kinit_trusts_heimdal.sh
+++ b/testprogs/blackbox/test_kinit_trusts_heimdal.sh
@@ -51,40 +51,40 @@ rm -rf $KRB5CCNAME_PATH
 
 echo $TRUST_PASSWORD > $PREFIX/tmppassfile
 testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 rm -rf $KRB5CCNAME_PATH
 
 # Test with smbclient4
 smbclient="$samba4bindir/smbclient4"
 testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache (smbclient4)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (smbclient4)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 rm -rf $KRB5CCNAME_PATH
 
 testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM   || failed=`expr $failed + 1`
 smbclient="$samba4bindir/smbclient"
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 if test x"${TYPE}" = x"forest" ;then
 	testit "kinit with password (upn enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac testdenied_upn@${TRUST_REALM}.upn   || failed=`expr $failed + 1`
-	test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+	test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 fi
 
 testit "kinit with password (windows style)" $samba4kinit $enctype  --renewable --windows --password-file=$PREFIX/tmppassfile --request-pac $TRUST_USERNAME@$TRUST_REALM   || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "kinit renew ticket" $samba4kinit $enctype --request-pac -R
 
-test_smbclient "Test login with kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "check time with kerberos ccache" $VALGRIND $PYTHON $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
 
 lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
-test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" -k yes -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" -k yes -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
 
 # Test the outgoing direction
 SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp"
-test_smbclient "Test user login with the first outgoing secret" 'ls' "$unc" -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test user login with the first outgoing secret" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
 
 testit_expect_failure "setpassword should not work" $VALGRIND $PYTHON $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1`
 
@@ -92,7 +92,7 @@ testit "wbinfo ping dc" $VALGRIND $wbinfo --ping-dc --domain=$TRUST_DOMAIN || fa
 testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
 testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
 
-test_smbclient "Test user login with the changed outgoing secret" 'ls' "$unc" -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test user login with the changed outgoing secret" 'ls' "$unc" --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
 
 rm -f $PREFIX/tmpccache tmpccfile tmppassfile tmpuserpassfile tmpuserccache
 exit $failed
diff --git a/testprogs/blackbox/test_kinit_trusts_mit.sh b/testprogs/blackbox/test_kinit_trusts_mit.sh
index d797f478661..15a8d6c4d48 100755
--- a/testprogs/blackbox/test_kinit_trusts_mit.sh
+++ b/testprogs/blackbox/test_kinit_trusts_mit.sh
@@ -76,49 +76,49 @@ EOF
 ###########################################################
 
 testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 $samba_kdestroy
 
 smbclient="$samba_bindir/smbclient4"
 
 testit "kinit with password" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache (smbclient4)" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache (smbclient4)" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 $samba_kdestroy
 
 smbclient="$samba_bindir/smbclient"
 
 testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
 if test x"${TYPE}" = x"forest" ;then
     testit "kinit with password (enterprise UPN)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E testdenied_upn@${TRUST_REALM}.upn || failed=`expr $failed + 1`
-    test_smbclient "Test login with user kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+    test_smbclient "Test login with user kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 fi
 
 $samba_kdestroy
 
 testit "kinit with password (enterprise)" $samba_texpect $PREFIX/tmpkinitscript $samba_kinit -E $TRUST_USERNAME@$TRUST_REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "kinit renew ticket" $samba_kinit -R
-test_smbclient "Test login with kerberos ccache" 'ls' -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with kerberos ccache" 'ls' --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "check time with kerberos ccache" $VALGRIND $samba_tool time $SERVER.$REALM $CONFIGURATION -k yes $@ || failed=`expr $failed + 1`
 
 $samba_kdestroy
 
 lowerrealm=$(echo $TRUST_REALM | tr '[A-Z]' '[a-z]')
-test_smbclient "Test login with user kerberos lowercase realm" 'ls' -k yes -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' -k yes -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm" 'ls' --use-kerberos=required -U$TRUST_USERNAME@$lowerrealm%$TRUST_PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos lowercase realm 2" 'ls' --use-kerberos=required -U$TRUST_USERNAME@$TRUST_REALM%$TRUST_PASSWORD --realm=$lowerrealm || failed=`expr $failed + 1`
 
 ###########################################################
 ### Test outgoing trust direction
 ###########################################################
 
 SMBCLIENT_UNC="//$TRUST_SERVER.$TRUST_REALM/tmp"
-test_smbclient "Test user login with the first outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test user login with the first outgoing secret" 'ls' --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
 
 testit_expect_failure "setpassword should not work" $VALGRIND $samba_tool user setpassword "${TRUST_DOMAIN}\$" --random-password || failed=`expr $failed + 1`
 
@@ -126,7 +126,7 @@ testit "wbinfo ping dc" $VALGRIND $wbinfo --ping-dc --domain=$TRUST_DOMAIN || fa
 testit "wbinfo change outgoing trust pw" $VALGRIND $wbinfo --change-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
 testit "wbinfo check outgoing trust pw" $VALGRIND $wbinfo --check-secret --domain=$TRUST_DOMAIN || failed=`expr $failed + 1`
 
-test_smbclient "Test user login with the changed outgoing secret" 'ls' -k yes -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test user login with the changed outgoing secret" 'ls' --use-kerberos=required -U$USERNAME@$REALM%$PASSWORD || failed=`expr $failed + 1`
 
 ### Cleanup
 
diff --git a/testprogs/blackbox/test_kpasswd_mit.sh b/testprogs/blackbox/test_kpasswd_mit.sh
index c90e924dee4..0d1dcf2eae4 100755
--- a/testprogs/blackbox/test_kpasswd_mit.sh
+++ b/testprogs/blackbox/test_kpasswd_mit.sh
@@ -71,7 +71,7 @@ testit "kinit with user password" \
 	do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
 
 test_smbclient "Test login with user kerberos ccache" \
-	"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "change user password with 'samba-tool user password' (unforced)" \
 	$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
@@ -84,7 +84,7 @@ testit "kinit with user password" \
 	do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
 
 test_smbclient "Test login with user kerberos ccache" \
-	"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 ###########################################################
 ### check that a password mismatch is detected
@@ -157,7 +157,7 @@ testit "kpasswd change user password" \
 TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@03%"
 
-test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 ###########################################################
 ### Force password change at login
@@ -186,7 +186,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@05%"
 
 test_smbclient "Test login with user kerberos" \
-	"ls" "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 ###########################################################
 ### Test kpasswd service via 'net ads password'
@@ -199,7 +199,7 @@ testit "change user password with 'net ads password', admin: $DOMAIN/$TEST_USERN
 #TEST_PASSWORD_NEW="testPaSS@06%"
 
 #test_smbclient "Test login with smbclient (ntlm)" \
-#	"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+#	"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 ###########################################################
 ### Test kpasswd service via 'net ads password' as admin
@@ -212,7 +212,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@07%"
 
 test_smbclient "Test login with smbclient (ntlm)" \
-	"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 ###########################################################
 ### Cleanup
diff --git a/testprogs/blackbox/test_password_settings.sh b/testprogs/blackbox/test_password_settings.sh
index 600bf0d0751..8c2ca188d3a 100755
--- a/testprogs/blackbox/test_password_settings.sh
+++ b/testprogs/blackbox/test_password_settings.sh
@@ -111,7 +111,7 @@ testit "kinit with user password" \
 	do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
 
 test_smbclient "Test login with user kerberos ccache" \
-	"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME_PATH
 
@@ -130,7 +130,7 @@ testit "kinit with user password" \
 	do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
 
 test_smbclient "Test login with user kerberos ccache" \
-	"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 ###########################################################
 ### Change the users password
@@ -146,7 +146,7 @@ testit "kinit with user password" \
 	do_kinit $TEST_PRINCIPAL $TEST_PASSWORD || failed=`expr $failed + 1`
 
 test_smbclient "Test login with user kerberos ccache" \
-	"ls" "$SMB_UNC" -k yes || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 #
 # These tests demonstrate that a credential cache in the environment does not
@@ -154,9 +154,9 @@ test_smbclient "Test login with user kerberos ccache" \
 #
 
 testit_expect_failure "Test login with user kerberos ccache, but wrong password specified" \
-	$VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%invalidpass && failed=`expr $failed + 1`
+	$VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%invalidpass && failed=`expr $failed + 1`
 testit_expect_failure "Test login with user kerberos ccache, but old password specified" \
-	$VALGRIND $smbclient //$SERVER/tmp -c 'ls' -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=`expr $failed + 1`
+	$VALGRIND $smbclient //$SERVER/tmp -c 'ls' --use-krb5-ccache=$KRB5CCNAME -U$TEST_PRINCIPAL%$TEST_PASSWORD_OLD && failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME_PATH
 
@@ -172,7 +172,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@03%"
 
 test_smbclient "Test login with user (ntlm)" \
-	"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 testit "set password on user locally" $VALGRIND $PYTHON $samba_tool user setpassword $TEST_USERNAME $CONFIG --newpassword=$TEST_PASSWORD_NEW --must-change-at-next-login || failed=`expr $failed + 1`
 
@@ -180,7 +180,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@04%"
 
 test_smbclient_expect_failure "Test login with user (NT_STATUS_PASSWORD_MUST_CHANGE)" \
-	"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD && failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD && failed=`expr $failed + 1`
 
 testit "change user password with 'samba-tool user password' (after must change flag set)" \
 	$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN -U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD -k no --newpassword=$TEST_PASSWORD_NEW || failed=`expr $failed + 1`
@@ -188,7 +188,7 @@ testit "change user password with 'samba-tool user password' (after must change
 TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@05%"
 
-test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos" 'ls' "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME_PATH
 
@@ -208,7 +208,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
 TEST_PASSWORD_NEW="testPaSS@06%"
 
 test_smbclient "Test login with user kerberos" \
-	"ls" "$SMB_UNC" -k yes -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-kerberos=required -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 rm -f $KRB5CCNAME_PATH
 
@@ -224,7 +224,7 @@ testit "try to set a non-complex password (command should succeed)" \
 TEST_PASSWORD=$TEST_PASSWORD_WEAK
 
 test_smbclient "test login with non-complex password" \
-	"ls" "$SMB_UNC" -k no -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
+	"ls" "$SMB_UNC" --use-kerberos=disabled -U$TEST_PRINCIPAL%$TEST_PASSWORD || failed=`expr $failed + 1`
 
 testit_expect_failure "try to set a short password (command should not succeed)" \
 	$VALGRIND $PYTHON $samba_tool user password -W$DOMAIN "-U$DOMAIN/$TEST_USERNAME%$TEST_PASSWORD" -k no --newpassword="$TEST_PASSWORD_SHORT" && failed=`expr $failed + 1`
diff --git a/testprogs/blackbox/test_pkinit_heimdal.sh b/testprogs/blackbox/test_pkinit_heimdal.sh
index 641453b4e55..02faa4fccea 100755
--- a/testprogs/blackbox/test_pkinit_heimdal.sh
+++ b/testprogs/blackbox/test_pkinit_heimdal.sh
@@ -73,7 +73,7 @@ testit_expect_failure "STEP1 Test wbinfo with password" $wbinfo --authenticate=$
 
 testit "STEP1 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP1 kinit renew ticket (name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP1 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP1 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit_expect_failure "STEP1 kinit with pkinit (wrong name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER not$USERNAME@$REALM || failed=`expr $failed + 1`
 
@@ -81,7 +81,7 @@ testit_expect_failure "STEP1 kinit with pkinit (wrong name specified 2) " $samba
 
 testit "STEP1 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP1 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP1 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP1 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit_expect_failure "STEP1 kinit with pkinit (wrong enterprise name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise not$USERNAME@$REALM || failed=`expr $failed + 1`
 
@@ -89,7 +89,7 @@ testit_expect_failure "STEP1 kinit with pkinit (wrong enterprise name specified
 
 testit "STEP1 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
 testit "STEP1 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP1 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP1 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 # STEP2:
 # We still have UF_SMARTCARD_REQUIRED, but with a known password
@@ -101,36 +101,36 @@ testit_expect_failure "STEP2 Test wbinfo with password" $wbinfo --authenticate=$
 
 testit "STEP2 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP2 kinit renew ticket (name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP2 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP2 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "STEP2 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP2 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP2 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP2 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "STEP2 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
 testit "STEP2 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP2 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP2 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 # STEP3:
 # The account is a normal account without the UF_SMARTCARD_REQUIRED bit set
 testit "STEP3 samba-tool user setpassword $USERNAME --smartcard-required" $PYTHON ${samba_tool} user setpassword $USERNAME --newpassword=$PASSWORD --clear-smartcard-required  || failed=`expr $failed + 1`
 
 testit "STEP3 kinit with password" $samba4kinit $enctype --password-file=$PASSFILE_PATH --request-pac $USERNAME@$REALM   || failed=`expr $failed + 1`
-test_smbclient "STEP3 Test login with user kerberos ccache" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP3 Test login with user kerberos ccache" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 test_smbclient "STEP3 Test login with NTLM" 'ls' "$unc" -U$USERNAME%$PASSWORD || failed=`expr $failed + 1`
 testit "STEP3 Test wbinfo with password" $wbinfo --authenticate=$DOMAIN/$USERNAME%$PASSWORD || failed=`expr $failed + 1`
 
 testit "STEP3 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP3 kinit renew ticket (name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP3 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP3 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "STEP3 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP3 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP3 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP3 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "STEP3 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
 testit "STEP3 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP3 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP3 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 # STEP4:
 # Now we set the UF_SMARTCARD_REQUIRED bit
@@ -143,15 +143,15 @@ testit_expect_failure "STEP4 Test wbinfo with password" $wbinfo --authenticate=$
 
 testit "STEP4 kinit with pkinit (name specified) " $samba4kinit $enctype --request-pac --renewable $PKUSER $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP4 kinit renew ticket (name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP4 Test login with kerberos ccache (name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP4 Test login with kerberos ccache (name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "STEP4 kinit with pkinit (enterprise name specified)" $samba4kinit $enctype --request-pac --renewable $PKUSER --enterprise $USERNAME@$REALM || failed=`expr $failed + 1`
 testit "STEP4 kinit renew ticket (enterprise name specified)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP4 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP4 Test login with kerberos ccache (enterprise name specified)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 testit "STEP4 kinit with pkinit (enterprise name in cert)" $samba4kinit $enctype --request-pac --renewable $PKUSER --pk-enterprise || failed=`expr $failed + 1`
 testit "STEP4 kinit renew ticket (enterprise name in cert)" $samba4kinit --request-pac -R  || failed=`expr $failed + 1`
-test_smbclient "STEP4 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" -k || failed=`expr $failed + 1`
+test_smbclient "STEP4 Test login with kerberos ccache (enterprise name in cert)" 'ls' "$unc" --use-krb5-ccache=$KRB5CCNAME || failed=`expr $failed + 1`
 
 # STEP5:
 # disable the account
author	Andreas Schneider <asn@samba.org>	2020-11-19 17:43:58 +0100
committer	Andrew Bartlett <abartlet@samba.org>	2021-06-16 00:34:38 +0000
commit	c01213471fe77c6b07c1008a4b4f5153afffa71e (patch)
tree	a253c9e0683a269ba128e9052ae37a4a032f3c4e /testprogs
parent	b49a8605563c90467b5e22cea755bdbf1248c846 (diff)
download	samba-c01213471fe77c6b07c1008a4b4f5153afffa71e.tar.gz