On 11/24/2016 04:27 PM, Adam Bishop wrote:
I'm writing a bit of code using ipalib directly, I'm a little stuck on 
authentication though.

It works fine if grab a Kerberos ticket with kinit then run the code 
interactively, but I'd like to run this as a daemon which makes maintaining a 
ticket tricky.

What other options are there for authenticating to the API, avoiding calling 
external tools like curl or kinit?

Regards,

Adam Bishop

   gpg: E75B 1F92 6407 DFDF 9F1C  BF10 C993 2504 6609 D460

jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by 
guarantee which is registered in England under Company No. 5747339, VAT No. GB 
197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, 
BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited 
by guarantee which is registered in England under company number 2881024, VAT 
number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, 
Bristol BS2 0JA. T 0203 697 5800.


Hello Adam,

Nice to see someone interested in FreeIPA development. For questions about developing FreeIPA, feel free to contact other developers at freeipa-de...@redhat.com (in CC). You can also create a pull request on GitHub (https://github.com/freeipa/freeipa) if you'd like to share your code with the community.

As for your question, would it be feasible to use keytabs? Sure, you still have to perform kinit but there's no user action required (except for maintaining the keytab, of course).

Standa

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to