From 34e8fb9c8c5d793c974614dc56950b1a21f66b1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?=
Date: Mon, 30 Jan 2017 17:48:30 +0000
Subject: [PATCH] Make Kerberos keytab handling more universal
---
 certidude/helpers.py | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
diff --git a/certidude/helpers.py b/certidude/helpers.py
index c16b421..15a5bf9 100644
--- a/certidude/helpers.py
+++ b/certidude/helpers.py
@@ -180,15 +180,18 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
 return
 # If machine is joined to domain attempt to present machine credentials for authentication
- if os.path.exists("/etc/krb5.keytab") and os.path.exists("/etc/samba/smb.conf"):
- # Get HTTP service ticket
- from configparser import ConfigParser
- cp = ConfigParser(delimiters=("="))
- cp.readfp(open("/etc/samba/smb.conf"))
- name = cp.get("global", "netbios name")
- realm = cp.get("global", "realm")
+ if os.path.exists("/etc/krb5.keytab"):
 os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
- os.system("kinit -k %s$ -S HTTP/%s@%s -t /etc/krb5.keytab" % (name, server, realm))
+ # If Samba configuration exists assume NetBIOS name was used in keytab
+ if os.path.exists("/etc/samba/smb.conf"):
+ from configparser import ConfigParser
+ cp = ConfigParser(delimiters=("="))
+ cp.readfp(open("/etc/samba/smb.conf"))
+ name = cp.get("global", "netbios name")
+ os.system("kinit -S HTTP/%s -k %s$" % (name, server))
+ else:
+ os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.lower(), server) # Mac OS X
+ os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.upper(), server) # Fedora /w SSSD
 from requests_kerberos import HTTPKerberosAuth, OPTIONAL
 auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL, force_preemptive=True)
 else:
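Review bot: The two `os.system(...)` calls in the `else:` branch are each missing a closing parenthesis, so helpers.py will not parse once this lands. In all three new calls the tuple also looks swapped against the format string: `HTTP/%s` receives the host name and `%s$` receives `server`, the reverse of the old `-k name$ -S HTTP/server`. Because `server` and the smb.conf value are interpolated into a shell string and the exit status is discarded, I would pass kinit an argument list and stop at the first principal that succeeds, as sketched below (this needs `subprocess` imported if helpers.py does not already do so). The enclosing function starts before this hunk and continues after it.

```python
        # … unchanged: KRB5CCNAME and the smb.conf lookup that sets `name` …
            principals = [name + "$"]
        else:
            principals = [const.HOSTNAME.lower() + "$",  # Mac OS X
                          const.HOSTNAME.upper() + "$"]  # Fedora /w SSSD
        for principal in principals:
            # argv list, no shell: server and the host name are passed as data
            if subprocess.call(["kinit", "-S", "HTTP/" + server, "-k", principal]) == 0:
                break
```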