On 2015-07-29 10:09, Michael Šimáček wrote:
> GSSAPI doesn't provide any method (that I'm aware of) to get default
> ccache name. In most cases this is not needed as we can simply not pass
> any name and it will use the default. The ldap plugin had to be adjusted
> for this - the connect method now takes new use_gssapi argument, which
> can turn on gssapi support without the need to supply explicit ccache
> name. The only place where the ccache name is really needed is the test
> server, where I use system klist command to obtain it.

You can use ctypes or cffi for the task, too. It's much faster and more
convenient. Here is a quick example how to use ctypes for the function
calls. kdcproxy uses similar code to parse /etc/krb5.conf.

>>> import ctypes
>>> LIBKRB5 = ctypes.CDLL('libkrb5.so.3')
>>> ctx = ctypes.c_void_p()
>>> ccache = ctypes.c_void_p()
>>> LIBKRB5.krb5_init_context(ctypes.byref(ctx))
>>> LIBKRB5.krb5_cc_default(ctx, ctypes.byref(ccache))
>>> LIBKRB5.krb5_cc_get_type.restype = ctypes.c_char_p
>>> LIBKRB5.krb5_cc_get_name.restype = ctypes.c_char_p
>>> LIBKRB5.krb5_cc_get_type(ctx, ccache)
>>> LIBKRB5.krb5_cc_get_name(ctx, ccache)
>>> LIBKRB5.krb5_cc_close(ctx, ccache)
>>> LIBKRB5.krb5_free_context(ctx)

If you like the approach I can write a more safe implementation with
proper error checking.


Attachment: signature.asc
Description: OpenPGP digital signature

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to