On 2015-07-29 10:09, Michael Šimáček wrote: > GSSAPI doesn't provide any method (that I'm aware of) to get default > ccache name. In most cases this is not needed as we can simply not pass > any name and it will use the default. The ldap plugin had to be adjusted > for this - the connect method now takes new use_gssapi argument, which > can turn on gssapi support without the need to supply explicit ccache > name. The only place where the ccache name is really needed is the test > server, where I use system klist command to obtain it.
You can use ctypes or cffi for the task, too. It's much faster and more convenient. Here is a quick example how to use ctypes for the function calls. kdcproxy uses similar code to parse /etc/krb5.conf. >>> import ctypes >>> LIBKRB5 = ctypes.CDLL('libkrb5.so.3') >>> ctx = ctypes.c_void_p() >>> ccache = ctypes.c_void_p() >>> LIBKRB5.krb5_init_context(ctypes.byref(ctx)) 0 >>> LIBKRB5.krb5_cc_default(ctx, ctypes.byref(ccache)) 0 >>> LIBKRB5.krb5_cc_get_type.restype = ctypes.c_char_p >>> LIBKRB5.krb5_cc_get_name.restype = ctypes.c_char_p >>> LIBKRB5.krb5_cc_get_type(ctx, ccache) 'KEYRING' >>> LIBKRB5.krb5_cc_get_name(ctx, ccache) 'persistent:1000:1000' >>> LIBKRB5.krb5_cc_close(ctx, ccache) >>> LIBKRB5.krb5_free_context(ctx) If you like the approach I can write a more safe implementation with proper error checking. Christian
signature.asc
Description: OpenPGP digital signature
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code