Implementation of credential delegation in pyKerberos
Hi there, I'm not sure that this is the correct place to be posting this, but it's the closest I can find. I've implemented an extra function for python-kerberos that allows credentials to be cached and then used to authenticate to other services using said credentials. I am interested in pushing these changes upstream so that others can use this functionality and I was wondering how I'd go about doing this. Thanks, Joshua Warburton Irax Ltd.
On 03/04/2014 11:04 AM, Joshua Warburton wrote:
Hi there,
I'm not sure that this is the correct place to be posting this, but it's the closest I can find.
I've implemented an extra function for python-kerberos that allows credentials to be cached and then used to authenticate to other services using said credentials. I am interested in pushing these changes upstream so that others can use this functionality and I was wondering how I'd go about doing this.
Thanks, Joshua Warburton Irax Ltd. _______________________________________________ calendarserver-dev mailing list calendarserver-dev@lists.macosforge.org https://lists.macosforge.org/mailman/listinfo/calendarserver-dev
Hi, When I wanted to contribute something to python-kerberos, I opened an Enhancement ticket [1] on the trac instance, with a patch attached. -Alex Szczuczko [1] - https://trac.calendarserver.org/ticket/798
Hi Joshua, I've been trying to investigate how to get delegation working in the Python-Kerberos project for a little while now and today I noticed your recent changes. Thanks so much. However, I was wondering if you had some example code to demonstrate your changes? I have successfully saved the client's delegating ticket to the temporary cache using your code, but was wondering the best way to get the Python-Kerberos project to use the temporary cache? Using the "kerberos->authGSSClientInit" function, the principal of the delegating client can be assigned, but the kerberos calls do not "know" about the new temporary cache. The ONLY way I could get the authentication working, is to temporarily change the KRB5CCNAME env variable to point to the temporary cache. However, this is problematic as my application has multiple threads... If you have any advice on accessing the temporary cache via the Kerberos libraries, please let me know - I'd be very grateful! Many thanks, Marc
participants (3)
-
Alex Szczuczko
-
Joshua Warburton
-
Message