[Freeipa-devel] python kerberos problems (forms based auth)
Alexander Bokovoy
abokovoy at redhat.com
Sat Feb 18 21:22:23 UTC 2012
On Sat, 18 Feb 2012, Dmitri Pal wrote:
> I am definitely not a Python person but in AuthHub code I have see the
> following construct:
> https://fedorahosted.org/AuthHub/browser/plugins/python/authhub-yubikey/authhub-yubikey
> when a shared library is loaded and and entry point is mapped.
I'd rather be careful on using ctypes. There is a problem with
SELinux and ctypes which was fixed in Python 2.7 and recent
SELinux. The story has long trail:
https://bugzilla.redhat.com/show_bug.cgi?id=582009 is
manifesting again in Rawhide/F17.
More to it, using ctypes in WSGI requires to allow httpd to execute
code from a temporary file:
https://bugzilla.redhat.com/show_bug.cgi?id=645193
> I assume this can be easily done as in the example code so why we are
> not doing this instead of starting KINIT as a separate process? I know
> it is probably not the cleanest approach but I am surprised to not find
> it as one of the top options on the list in the current situation with
> the given constraints.
I would advise against using ctypes for the purpose of AuthHub and
FreeIPA.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list