[Freeipa-devel] another snag with kerberos
Rob Crittenden
rcritten at redhat.com
Tue Jul 17 15:00:04 UTC 2007
Karl MacMillan wrote:
> On Tue, 2007-07-17 at 10:33 -0400, John Dennis wrote:
>> On Tue, 2007-07-17 at 09:02 -0400, Rob Crittenden wrote:
>>> I don't see a way to add headers to the client request using xmlrpclib.py.
>> I took a quick look at xmlrpclib.py. I agree there does not seem to be a
>> way to add headers in the exported API. However, it's not a complicated
>> module and fairly cleanly written so it looks like it would be
>> relatively easy to edit the the module and add the authentication
>> functionality. This would mean the IPA implementation would have it's
>> own private copy of the module but I suspect once it's working a diff
>> against the original sent as a patch to upstream would be most welcome
>> and then at a later date you can nuke your private copy once upstream
>> ships the fix.
>
> Not ideal - but seems workable. Rob - any other options or is this the
> way you want to go?
>
> Karl
>
After looking at this some more I wonder if we could simply subclass the
Transport method and include the headers that way. I'm not enough of a
python expert to know how large a task this would be.
In any case we can't do anything until we find a way to do kerberos SSO
with ticket forwarding using some sort of HTTP engine. The above would
solve the XMLRPC client and server ticket exchange but I still haven't
been able to get Apache to forward a ticket from Firefox. I've tried FF
2.0 from FC6 and the native F7 Firefox (in case it was a kerberos
library issue). I have FF set to do delegation for the requested URI and
according to the logs it seems to be doing it but on the Apache side it
isn't caching a ticket. So at this point I'm blocked and need assistance
from someone more knowledgeable about kerberos.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070717/f7027abd/attachment.bin>
More information about the Freeipa-devel
mailing list