Michael Ströder wrote:
Geert Jansen wrote:
Michael Ströder wrote:
I saw that kinit is started as a shell sub-process.
Actually Python-AD comes with a C module that wraps the required
Kerberos functions (see lib/ad/protocol/krb5.c). What you probably saw
is the use of kinit in the test suite, where I use it to verify the
credentials acquired by the C module.
Ah, ok. Interesting. Why don't you separate the krb5 module into another
project. I guess some people might be interested in that.
Especially my dream would be to support HTTP-Authentication based on
SPNEGO/GSSAPI in web2ldap. But not only authenticating the user at the
web server. I would rather like forward the service ticket requested for
a particular LDAP service to the LDAP server in a SASL/GSSAPI
BindRequest. Do you think that's feasible?
there is pykerberos from
http://trac.calendarserver.org/projects/calendarserver/browser/PyKerberos/
I am interested in a better GSSAPI binding for Python.. and have some
incomplete code locally if anyone else is interested.
To do credential forwarding, the gss is currently kind of crappy about
how to extract creds portably, but if you know it's kerberos and you can
set KRB5CCNAME to a temporary file you can stash a delegated TGT into a
temp ccache so that SASL/GSS can find it when you talk ldap.
--
David Leonard [EMAIL PROTECTED]
Ph:+61 404 844 850
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Python-LDAP-dev mailing list
Python-LDAP-dev@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/python-ldap-dev
