diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2013-12-03 09:14:00 -0700 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2014-02-27 15:50:37 -0500 |
| commit | 4facb9d8ceea6ffe07297f375bf05d9c72bc6125 (patch) | |
| tree | 44bd9f9645f87dccd84da37ccae0e2c109cd64c3 /ipalib | |
| parent | adcd373931c50d91550f6b74b191d08ecce5b137 (diff) | |
| download | freeipa.git-master.tar.gz freeipa.git-master.tar.xz freeipa.git-master.zip | |
This currently server supports only host and hostgroup commands for
retrieving, adding and deleting entries.
The incoming requests are completely unauthenticated and by default
requests must be local.
Utilize GSS-Proxy to manage the TGT.
Configuration information is in the ipa-smartproxy man page.
Design: http://www.freeipa.org/page/V3/Smart_Proxy
Diffstat (limited to 'ipalib')
| -rw-r--r-- | ipalib/util.py | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/ipalib/util.py b/ipalib/util.py index fcc4b159..89c06800 100644 --- a/ipalib/util.py +++ b/ipalib/util.py @@ -57,12 +57,15 @@ def json_serialize(obj): def get_current_principal(): try: - # krbV isn't necessarily available on client machines, fail gracefully - import krbV - return unicode(krbV.default_context().default_ccache().principal().name) + import kerberos + rc, vc = kerberos.authGSSClientInit("notempty") + rc = kerberos.authGSSClientInquireCred(vc) + username = kerberos.authGSSClientUserName(vc) + kerberos.authGSSClientClean(vc) + return unicode(username) except ImportError: - raise RuntimeError('python-krbV is not available.') - except krbV.Krb5Error: + raise RuntimeError('python-kerberos is not available.') + except kerberos.GSSError, e: #TODO: do a kinit? raise errors.CCacheError() |