[CalendarServer-dev] [CalendarServer] #314: Custom keytab file location for Kerberos

Wed Feb 11 10:56:57 PST 2009

#314: Custom keytab file location for Kerberos
-------------------------------+--------------------------------------------
 Reporter:  rahul@…            |       Owner:  wsanchez@…        
     Type:  Enhancement        |      Status:  new               
 Priority:  4: Nice to have    |   Milestone:  Later             
Component:  Calendar Server    |    Severity:  Other             
 Keywords:                     |  
-------------------------------+--------------------------------------------

Comment(by arthurp@…):

 Replying to [comment:1 wsanchez@…]:
 > I think we just find the keytab via the underlying Kerberos library.

 Right, but the underlying Kerberos library expects to obtain any non-
 default keytab locations from the environment variable KRB5_KTNAME, which
 is being filtered out by twisted. (see
 [http://twistedmatrix.com/trac/wiki/FrequentlyAskedQuestions#WhydontmyspawnProcessprogramsseemyenvironmentvariables
 twisted FAQ]) For implementing this, I've chosen to patch through the
 environment variable as is already being done for PYTHONPATH (rather than
 dealing with adding configuration file items).

 The attached patch has been tested on Debian Lenny, against Debian's
 pykerberos 1.0+svn2455-1.  From what I can see, the changes between that
 and pykerberos 1.1 stay far away from keytab handling.

 Note that setting KRB5_KTNAME to '' results in no keytab file ever being
 found, thus the mildly awkward syntax.

-- 
Ticket URL: <http://trac.calendarserver.org/ticket/314#comment:2>
CalendarServer </>
HTTP/WebDAV/CalDAV Server