Use of kerberos in python samdb script

William Brown william.e.brown at adelaide.edu.au
Tue May 14 00:18:47 MDT 2013


> > > My system is fedora, so when I login, i'm using a MIT ccache. Isn't this
> > > not supported? Additionally, the ticket cache is:
> > > 
> > > Ticket cache: DIR::/run/user/2000/krb5cc/tkt8FKOCB
> > 
> > Most MIT ccache files are supported, but the DIR one isn't.  A patch to
> > address this would address the biggest technical difficultly in mixing
> > Heimdal and MIT for different tasks.
> 
> For time being one could address a single ccache from a DIR collection since
> they are just ccache files past DIR: path.

So setting the --krb5-cache to the subfolder might work?


> > > So, what's the best thing to do with this? Use the system ldb that is
> > > built
> > > against ldap and mit? Or is this unsupported.
> > 
> > It would have to be the Samba client code, not just ldb, but it should
> > work, for python scripts, because that's what Red Hat (who allowed MIT
> > to work at all with this code) did the work specifically to support.
> 
> A stock samba-python package of in Fedora should work as it is if what is
> needed is remote LDAP connection, even to the same host.
> 

But it doesn't work because libldb that RH ship, doesn't support the ldap 
driver. Trying this fails in various ways, but this is a distro problem (I 
will create some tickets with them). I had many other various issue with 
samba-python on a host that wasn't my domain controller. 


-- 
Sincerely,

William Brown

Research & Teaching, Technology Services
The University of Adelaide, AUSTRALIA 5005

CRICOS Provider Number 00123M
-----------------------------------------------------------------------------
IMPORTANT: This message may contain confidential or legally privileged
information. If you think it was sent to you by mistake, please delete
all
copies and advise the sender. For the purposes of the SPAM Act 2003,
this
email is authorised by The University of Adelaide.

pgp.mit.edu
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x3C0AC6DAB2F928A2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 876 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20130514/66b9d8ec/attachment.pgp>


More information about the samba-technical mailing list