Use of kerberos in python samdb script

[Alexander Bokovoy]

14.05.2013 6:18 пользователь "Andrew Bartlett" <abartlet at samba.org> написал:
>
> On Tue, 2013-05-14 at 12:42 +0930, William Brown wrote:
> > On Sun, 12 May 2013 10:42:32 PM William Edward Brown wrote:
> > > > > Any further ideas would be welcome.
> > > >
> > > > One more idea: please try to change
> > > > sys.path.append('/usr/local/samba/lib64/python2.7/site-packages')
into
> > > > sys.path.insert(0,'/usr/local/samba/lib64/python2.7/site-packages')
> > > > just in case you have samba packages of different origin around.
> > > >
> > > > Regards
> > > >
> > > > Geza Gemes
> > >
> > > No change. I changed my script to what you suggested, but also
checked that
> > > I only have a single instance of the python libraries anyway. I also
> > > suspected that it may be due to the fact I have system ldb libraries
> > > installed, so I added to my SamDB opening call.
> > >
> > > modules_dir='/usr/local/samba/lib/ldb'
> >
> > I may have solved this.
> >
> > My system is fedora, so when I login, i'm using a MIT ccache. Isn't
this not
> > supported? Additionally, the ticket cache is:
>
> > Ticket cache: DIR::/run/user/2000/krb5cc/tkt8FKOCB
>
> Most MIT ccache files are supported, but the DIR one isn't.  A patch to
> address this would address the biggest technical difficultly in mixing
> Heimdal and MIT for different tasks.
>
For time being one could address a single ccache from a DIR collection
since they are just ccache files past DIR: path.

> > So, what's the best thing to do with this? Use the system ldb that is
built
> > against ldap and mit? Or is this unsupported.
>
> It would have to be the Samba client code, not just ldb, but it should
> work, for python scripts, because that's what Red Hat (who allowed MIT
> to work at all with this code) did the work specifically to support.
A stock samba-python package of in Fedora should work as it is if what is
needed is remote LDAP connection, even to the same host.

-- 
/ Alexander Bokovoy