Use of kerberos in python samdb script
Alexander Bokovoy
ab at altlinux.org
Tue May 14 06:54:41 MDT 2013
On Tue, May 14, 2013 at 9:18 AM, William Brown <
william.e.brown at adelaide.edu.au> wrote:
> > > > My system is fedora, so when I login, i'm using a MIT ccache. Isn't
> this
> > > > not supported? Additionally, the ticket cache is:
> > > >
> > > > Ticket cache: DIR::/run/user/2000/krb5cc/tkt8FKOCB
> > >
> > > Most MIT ccache files are supported, but the DIR one isn't. A patch to
> > > address this would address the biggest technical difficultly in mixing
> > > Heimdal and MIT for different tasks.
> >
> > For time being one could address a single ccache from a DIR collection
> since
> > they are just ccache files past DIR: path.
>
> So setting the --krb5-cache to the subfolder might work?
>
>
> > > > So, what's the best thing to do with this? Use the system ldb that is
> > > > built
> > > > against ldap and mit? Or is this unsupported.
> > >
> > > It would have to be the Samba client code, not just ldb, but it should
> > > work, for python scripts, because that's what Red Hat (who allowed MIT
> > > to work at all with this code) did the work specifically to support.
> >
> > A stock samba-python package of in Fedora should work as it is if what is
> > needed is remote LDAP connection, even to the same host.
> >
>
> But it doesn't work because libldb that RH ship, doesn't support the ldap
> driver. Trying this fails in various ways, but this is a distro problem (I
> will create some tickets with them). I had many other various issue with
> samba-python on a host that wasn't my domain controller.
>
https://bugzilla.redhat.com/show_bug.cgi?id=961839 (filed by you).
I've talked to the package maintainer, it looks like a simple BuildRequires
omission.
--
/ Alexander Bokovoy
More information about the samba-technical
mailing list