On 2015-07-29 10:09, Michael Šimáček wrote: > GSSAPI doesn't provide any method (that I'm aware of) to get default > ccache name. In most cases this is not needed as we can simply not pass > any name and it will use the default. The ldap plugin had to be adjusted > for this - the connect method now takes new use_gssapi argument, which > can turn on gssapi support without the need to supply explicit ccache > name. The only place where the ccache name is really needed is the test > server, where I use system klist command to obtain it.
You can use ctypes or cffi for the task, too. It's much faster and more
convenient. Here is a quick example how to use ctypes for the function
calls. kdcproxy uses similar code to parse /etc/krb5.conf.
>>> import ctypes
>>> LIBKRB5 = ctypes.CDLL('libkrb5.so.3')
>>> ctx = ctypes.c_void_p()
>>> ccache = ctypes.c_void_p()
>>> LIBKRB5.krb5_init_context(ctypes.byref(ctx))
0
>>> LIBKRB5.krb5_cc_default(ctx, ctypes.byref(ccache))
0
>>> LIBKRB5.krb5_cc_get_type.restype = ctypes.c_char_p
>>> LIBKRB5.krb5_cc_get_name.restype = ctypes.c_char_p
>>> LIBKRB5.krb5_cc_get_type(ctx, ccache)
'KEYRING'
>>> LIBKRB5.krb5_cc_get_name(ctx, ccache)
'persistent:1000:1000'
>>> LIBKRB5.krb5_cc_close(ctx, ccache)
>>> LIBKRB5.krb5_free_context(ctx)
If you like the approach I can write a more safe implementation with
proper error checking.
Christian
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
