mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Make Kerberos keytab handling more universal
parent
9c80c7c2c3
commit
34e8fb9c8c
@ -180,15 +180,18 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
|
|||||||
return
|
return
|
||||||
|
|
||||||
# If machine is joined to domain attempt to present machine credentials for authentication
|
# If machine is joined to domain attempt to present machine credentials for authentication
|
||||||
if os.path.exists("/etc/krb5.keytab") and os.path.exists("/etc/samba/smb.conf"):
|
if os.path.exists("/etc/krb5.keytab"):
|
||||||
# Get HTTP service ticket
|
|
||||||
from configparser import ConfigParser
|
|
||||||
cp = ConfigParser(delimiters=("="))
|
|
||||||
cp.readfp(open("/etc/samba/smb.conf"))
|
|
||||||
name = cp.get("global", "netbios name")
|
|
||||||
realm = cp.get("global", "realm")
|
|
||||||
os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
|
os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
|
||||||
os.system("kinit -k %s$ -S HTTP/%s@%s -t /etc/krb5.keytab" % (name, server, realm))
|
# If Samba configuration exists assume NetBIOS name was used in keytab
|
||||||
|
if os.path.exists("/etc/samba/smb.conf"):
|
||||||
|
from configparser import ConfigParser
|
||||||
|
cp = ConfigParser(delimiters=("="))
|
||||||
|
cp.readfp(open("/etc/samba/smb.conf"))
|
||||||
|
name = cp.get("global", "netbios name")
|
||||||
|
os.system("kinit -S HTTP/%s -k %s$" % (name, server))
|
||||||
|
else:
|
||||||
|
os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.lower(), server) # Mac OS X
|
||||||
|
os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.upper(), server) # Fedora /w SSSD
|
||||||
from requests_kerberos import HTTPKerberosAuth, OPTIONAL
|
from requests_kerberos import HTTPKerberosAuth, OPTIONAL
|
||||||
auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL, force_preemptive=True)
|
auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL, force_preemptive=True)
|
||||||
else:
|
else:
|
||||||
|
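Review bot: The two `os.system("kinit …` calls in the new `else:` branch are each missing a closing parenthesis, so the module will not parse as written. In all three new calls the operands also look reversed relative to the removed line: the local name is formatted into `-S HTTP/%s` and `server` into the `%s$` client principal, whereas the old code used `name$` as the client and `HTTP/server` as the service. Because `server` is interpolated into a shell string, passing an argument list to `subprocess.call` (assuming `subprocess` is imported elsewhere in the file) avoids shell interpretation and lets the second hostname casing be tried only when the first fails. Separately, the unchanged `KRB5CCNAME` line keeps the ticket cache at a fixed path under `/tmp`, which another local user could pre-create; a per-process cache path would be safer. The enclosing function starts and ends outside this hunk.

```python
# … unchanged: keytab check and KRB5CCNAME assignment …
if os.path.exists("/etc/samba/smb.conf"):
    # … unchanged: ConfigParser read of "netbios name" into name …
    candidates = [name]
else:
    # Mac OS X keytabs use the lower-case host name, Fedora with SSSD the upper-case one
    candidates = [const.HOSTNAME.lower(), const.HOSTNAME.upper()]
for candidate in candidates:
    # Argument list, no shell: server is never parsed as shell syntax
    if subprocess.call(["kinit", "-k", "-S", "HTTP/%s" % server, "%s$" % candidate]) == 0:
        break
```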