On Tue, 28 Jul 2015, Simo Sorce wrote:
On Tue, 2015-07-28 at 13:55 +0300, Alexander Bokovoy wrote:
On Tue, 28 Jul 2015, Petr Vobornik wrote:
>On 07/28/2015 10:57 AM, Michael Šimáček wrote:
>>Hi,
>>
>>I'm working on porting FreeIPA away from python-krbV. Backend.krb and
>>KRB5_CCache classes are mere wrappers around krbV bindings, so it would
>>make sense to remove them. But I found the former used in the example in
>>doc/examples/python-api.py. Is it part of FreeIPA's API? Shall I provide
>>some partial compatibility layer for it? (only partial because some
>>methods can take krbV objects as arguments)
>>
>>Thank you,
>>Michael Simacek
>>
>
>Does the replacement offer API which has all the methods as the
>wrappers? If so we can remove them.
>
>Imho we can remove Backend.krb aka ipalib/plugins/kerberos.py. It's
>used only in 2 files, both are not in production. But I'm not sure
>about KRB5_CCache, the wrapper has some exception logic which might be
>wanted to be kept.
Backend.krb can go if you provide something similar to KRB5_CCache. We
need to be able to initialize ccache with that class -- either by using
existing ccache (we often marshall ccache content to memcached and then
unmarshall it when the same session comes back) or by using a keytab.
After ccache is provided, we need to be able to query default principal
of the existing ccache.


We should be able to do all this with python-gssapi and the store
extensions.
Yep. It would be good to have a helper, though.
--
/ Alexander Bokovoy

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to