On Tue, 28 Jul 2015, Simo Sorce wrote:
On Tue, 2015-07-28 at 13:55 +0300, Alexander Bokovoy wrote:
On Tue, 28 Jul 2015, Petr Vobornik wrote:
>On 07/28/2015 10:57 AM, Michael Šimáček wrote:
>>I'm working on porting FreeIPA away from python-krbV. Backend.krb and
>>KRB5_CCache classes are mere wrappers around krbV bindings, so it would
>>make sense to remove them. But I found the former used in the example in
>>doc/examples/python-api.py. Is it part of FreeIPA's API? Shall I provide
>>some partial compatibility layer for it? (only partial because some
>>methods can take krbV objects as arguments)
>Does the replacement offer API which has all the methods as the
>wrappers? If so we can remove them.
>Imho we can remove Backend.krb aka ipalib/plugins/kerberos.py. It's
>used only in 2 files, both are not in production. But I'm not sure
>about KRB5_CCache, the wrapper has some exception logic which might be
>wanted to be kept.
Backend.krb can go if you provide something similar to KRB5_CCache. We
need to be able to initialize ccache with that class -- either by using
existing ccache (we often marshall ccache content to memcached and then
unmarshall it when the same session comes back) or by using a keytab.
After ccache is provided, we need to be able to query default principal
of the existing ccache.
We should be able to do all this with python-gssapi and the store
Yep. It would be good to have a helper, though.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code