Also check cracklib_maxlen with heimdal-strength

diff --git a/tests/tools/heimdal-strength-t b/tests/tools/heimdal-strength-t
index 3130fb197acc026e996a7e85654dadb433d3fcb0..1c958ac9028b564f0e349526ba74fcfb3df360ec 100755 (executable)
--- a/tests/tools/heimdal-strength-t
+++ b/tests/tools/heimdal-strength-t
@@ -158,6 +158,9 @@ for my $type (qw(cdb classes cracklib length letter principal sqlite)) {
 # We run the principal tests three times, for CrackLib, CDB, and SQLite.
 $count += 2 * scalar(@{ $tests{principal} });
 
+# We run the length checks twice.
+$count += scalar(@{ $tests{length} });
+
 # We can now calculate our plan based on three tests for each password test,
 # plus 21 additional tests for error handling.
 plan(tests => $count * 3 + 21);
@@ -189,6 +192,24 @@ for my $test (@{ $tests{length} }) {
     check_password($test);
 }
 
+# Add a CrackLib dictionary and a maximum password length setting.
+$krb5_conf = create_krb5_conf(
+    {
+        password_dictionary => "$datadir/dictionary",
+        minimum_length      => 12,
+        cracklib_maxlen     => 11,
+    }
+);
+local $ENV{KRB5_CONFIG} = $krb5_conf;
+
+# Run the length checks again.  They should have the same result, even though
+# there's a CrackLib dictionary, since the dictionary hit is above the minimum
+# length.
+note('Password length checks with cracklib_maxlen');
+for my $test (@{ $tests{length} }) {
+    check_password($test);
+}
+
 # Install the krb5.conf file for simple character class restrictions.
 $krb5_conf = create_krb5_conf(
     {