c3bc938 ipatests: make sure PKINIT enrollment works with a strict policy

1 file Authored by abbra a year ago, Committed by antorres a year ago,
    ipatests: make sure PKINIT enrollment works with a strict policy
    
    Previously, for a global policy which does not include
    'password', krb5kdc restart was failing. Now it should succeed.
    
    We set admin user authentication type to PASSWORD to simplify
    configuration in the test.
    
    What matters here is that global policy does not include PKINIT and that
    means a code in the ticket policy check will allow PKINIT implicitly
    rather than explicitly.
    
    Related: https://pagure.io/freeipa/issue/9485
    
    Signed-off-by: Alexander Bokovoy <abokovoy@redhat.com>
    Reviewed-By: Francisco Trivino <ftrivino@redhat.com>