mirror of https://github.com/laurivosandi/certidude synced 2025-01-08 23:27:36 +00:00

Make Kerberos keytab handling more universal

Lauri Võsandi 2017-01-30 17:48:30 +00:00
parent 9c80c7c2c3
commit 34e8fb9c8c


@ -180,15 +180,18 @@ def certidude_request_certificate(server, key_path, request_path, certificate_pa
return
# If machine is joined to domain attempt to present machine credentials for authentication
if os.path.exists("/etc/krb5.keytab") and os.path.exists("/etc/samba/smb.conf"):
# Get HTTP service ticket
from configparser import ConfigParser
cp = ConfigParser(delimiters=("="))
cp.readfp(open("/etc/samba/smb.conf"))
name = cp.get("global", "netbios name")
realm = cp.get("global", "realm")
if os.path.exists("/etc/krb5.keytab"):
os.environ["KRB5CCNAME"]="/tmp/ca.ticket"
os.system("kinit -k %s$ -S HTTP/%s@%s -t /etc/krb5.keytab" % (name, server, realm))
# If Samba configuration exists assume NetBIOS name was used in keytab
if os.path.exists("/etc/samba/smb.conf"):
from configparser import ConfigParser
cp = ConfigParser(delimiters=("="))
cp.readfp(open("/etc/samba/smb.conf"))
name = cp.get("global", "netbios name")
os.system("kinit -S HTTP/%s -k %s$" % (name, server))
else:
os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.lower(), server) # Mac OS X
os.system("kinit -S HTTP/%s -k %s$" % (const.HOSTNAME.upper(), server) # Fedora /w SSSD
from requests_kerberos import HTTPKerberosAuth, OPTIONAL
auth = HTTPKerberosAuth(mutual_authentication=OPTIONAL, force_preemptive=True)
else:
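Review bot: The three `kinit` calls that appear to be added here fill `"kinit -S HTTP/%s -k %s$"` with `(name, server)` or `(const.HOSTNAME..., server)`, so the machine name lands in the service principal and the server name becomes the client principal, the reverse of the `kinit -k %s$ -S HTTP/%s@%s` line being replaced; the two calls in the `else` branch also lack the closing parenthesis of `os.system(`, which makes the module fail to parse. Because `server` and the `netbios name` value read from smb.conf are interpolated into a shell command string, I would pass an argument list to `subprocess.call` instead of using `os.system`, and stop at the first principal for which kinit succeeds rather than ignoring the exit status. The fence below sketches this and assumes `subprocess` is imported in the module; the enclosing function starts and ends outside the hunk.

```python
# … unchanged: keytab check, KRB5CCNAME, smb.conf parsing up to `name = cp.get(...)` …
        principals = ["%s$" % name]
    else:
        # Mac OS X keeps the lower-case host name, Fedora with SSSD the upper-case one
        principals = ["%s$" % const.HOSTNAME.lower(), "%s$" % const.HOSTNAME.upper()]
    for principal in principals:
        # Argument list, no shell: values from smb.conf and the CLI are never parsed as shell syntax
        if subprocess.call(["kinit", "-k", "-S", "HTTP/%s" % server, principal]) == 0:
            break
# … unchanged: requests_kerberos import and HTTPKerberosAuth setup …
```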