[CalendarServer-dev] Implementation of credential delegation in pyKerberos

Message message.adams at gmail.com
Tue Apr 8 14:22:30 PDT 2014

Hi Joshua,

I've been trying to investigate how to get delegation working in the 
Python-Kerberos project for a little while now and today I noticed your 
recent changes. Thanks so much.

However, I was wondering if you had some example code to demonstrate 
your changes? I have successfully saved the client's delegating ticket 
to the temporary cache using your code, but was wondering the best way 
to get the Python-Kerberos project to use the temporary cache?

Using the "kerberos->authGSSClientInit" function, the principal of the 
delegating client can be assigned, but the kerberos calls do not "know" 
about the new temporary cache. The ONLY way I could get the 
authentication working, is to temporarily change the KRB5CCNAME env 
variable to point to the temporary cache.

However, this is problematic as my application has multiple threads...

If you have any advice on accessing the temporary cache via the Kerberos 
libraries, please let me know - I'd be very grateful!

Many thanks,

More information about the calendarserver-dev mailing list