author | Rob Crittenden <rcritten@redhat.com> | 2013-12-03 09:14:00 -0700 |
---|---|---|
committer | Petr Viktorin <pviktori@redhat.com> | 2014-04-30 21:57:27 +0200 |
commit | 64dcb1ec76fa706320746720431ef815eb3e9ecd (patch) | |
tree | fe2884e42b5dcc11cdd640e7d2b790d20d86e63b /ipalib/util.py | |
parent | 923c7ab7bc0eb361dae6e6fb3f05854499625368 (diff) | |
Implement an IPA Foreman smartproxy server
This server currently supports only host and hostgroup commands for
retrieving, adding and deleting entries.
The incoming requests are completely unauthenticated and by default
requests must be local.
Utilize GSS-Proxy to manage the TGT.
Configuration information is in the ipa-smartproxy man page.
Design: http://www.freeipa.org/page/V3/Smart_Proxy
https://fedorahosted.org/freeipa/ticket/4128
Reviewed-By: Petr Viktorin <pviktori@redhat.com>
Diffstat (limited to 'ipalib/util.py')
-rw-r--r-- | ipalib/util.py | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/ipalib/util.py b/ipalib/util.py
index fcc4b1591..89c068008 100644
--- a/ipalib/util.py
+++ b/ipalib/util.py
@@ -57,12 +57,15 @@ def json_serialize(obj):
 def get_current_principal():
 try:
- # krbV isn't necessarily available on client machines, fail gracefully
- import krbV
- return unicode(krbV.default_context().default_ccache().principal().name)
+ import kerberos
+ rc, vc = kerberos.authGSSClientInit("notempty")
+ rc = kerberos.authGSSClientInquireCred(vc)
+ username = kerberos.authGSSClientUserName(vc)
+ kerberos.authGSSClientClean(vc)
+ return unicode(username)
 except ImportError:
- raise RuntimeError('python-krbV is not available.')
- except krbV.Krb5Error:
+ raise RuntimeError('python-kerberos is not available.')
+ except kerberos.GSSError, e:
 #TODO: do a kinit?
 raise errors.CCacheError() |
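Review bot: `kerberos.authGSSClientClean(vc)` in get_current_principal() runs only on the success path, so if `authGSSClientInquireCred(vc)` or `authGSSClientUserName(vc)` raises `GSSError` the handler is entered with the client context in `vc` never released. Put the two calls after `authGSSClientInit` inside a `try:` whose `finally:` does the clean, so the context is freed on both paths. Both `rc` results and the `e` bound in `except kerberos.GSSError, e:` are never read and can be dropped. The literal `"notempty"` also needs a comment; it looks like a placeholder service name used only so the default credential can be inquired, so something like `# service name is unused here; we only inquire the default credential` once that is confirmed. The hunk also deletes the comment saying the Kerberos module may be missing on client machines, which still seems to be why `ImportError` is caught and is worth keeping in the new wording.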