lauri/certidude
1
0
Fork 0
mirror of https://github.com/laurivosandi/certidude synced 2025-10-31 09:29:13 +00:00
Code Issues Activity

Make Kerberos keytab handling more universal

Browse Source
This commit is contained in:
Lauri Võsandi
2017-01-30 17:48:30 +00:00
parent 9c80c7c2c3
commit 34e8fb9c8c
1 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
certidude/helpers.py
View File

@@ -180,15 +180,18 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
return return
# If machine is joined to domain attempt to present machine credentials for authentication # If machine is joined to domain attempt to present machine credentials for authentication
if os.path.exists("/etc/krb5.keytab") and os.path.exists("/etc/samba/smb.conf"): if os.path.exists("/etc/krb5.keytab"):
# Get HTTP service ticket os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
# If Samba configuration exists assume NetBIOS name was used in keytab
if os.path.exists("/etc/samba/smb.conf"):
from configparser import ConfigParser from configparser import ConfigParser
cp = ConfigParser(delimiters=("=")) cp = ConfigParser(delimiters=("="))
cp.readfp(open("/etc/samba/smb.conf")) cp.readfp(open("/etc/samba/smb.conf"))
name = cp.get("global", "netbios name") name = cp.get("global", "netbios name")
realm = cp.get("global", "realm") os.system("kinit -S HTTP/%s -k %s$" % (name, server))
os.environ["KRB5CCNAME"]="/tmp/ca.ticket" else:
os.system("kinit -k %s$ -S HTTP/%s@%s -t /etc/krb5.keytab" % (name, server, realm)) os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.lower(), server) # Mac OS X
os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.upper(), server) # Fedora /w SSSD
from requests_kerberos import HTTPKerberosAuth, OPTIONAL from requests_kerberos import HTTPKerberosAuth, OPTIONAL
auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL, force_preemptive=True) auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL, force_preemptive=True)
else: else: