[Freeipa-devel] [PATCH] jderose 011 Fleshed out krb plugin and added example of scripting against Python API

Jason Gerard DeRose jderose at redhat.com
Tue Jul 7 07:07:10 UTC 2009


This patch adds the first example of scripting against the IPA Python
API in doc/examples/python-api.py.

It also finally fleshes out the ipalib.plugins.kerberos.krb plugin.  It
wraps the krbV bindings and does correct Unicode encoding/decoding.
More work will be coming shortly with some exception handling cleanup
and porting code to use Backend.krb instead of krbV, but this is a
start.

I'm still trying to decide on a good solution for implementing the
connection creation in a generic and pluggable way (to replace the
hard-coded Executioner.create_context() method).  The difficulty is 1)
we need it to be pluggable, we want to be able to add new backends that
authenticate using their own mechanisms, while at the same time 2) we
only want to expose connections (but not credentials of any kind) on
request.context, and to make things worse, we 3) want to lazily create
connections whenever possible.

I took a couple of stabs at the above, but didn't like any of them, so
for now doc/examples/python-api.py just uses a similar hard-coded
connection setup to what Executioner.create_context() uses, specifically
it does this:

  if api.env.in_server:
      api.Backend.ldap2.connect(
          ccache=api.Backend.krb.default_ccname()
      )
  else:
      api.Backend.xmlclient.connect()

This will be replaced eventually with some common method, but this works
for now.

One last thing: to be consistent with the Kerberos library (right?) and
SASL, I think we should consistently use `ccname` to mean the path of
the file containing the credential cache.  We use `ccache` a lot
instead, which can also be confused with the krbV.CCache object.  What
does everyone think about this?

Cheers,
Jason
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jderose-011-krb-plugin-plus-api-example.patch
Type: text/x-patch
Size: 5103 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090707/7a44e7fb/attachment.bin>
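
The three constraints listed in the message (pluggable backends, only connections visible on the request context, lazy creation) can be sketched as follows. This is an added example, not code from the patch or from FreeIPA; Backend, FakeLdap, FakeXmlClient and make_context are hypothetical names, and the ccname value used with it would be a constructed sample.

```python
class Backend:
    """Hypothetical plugin base: each backend authenticates its own way."""
    name = None

    def create_connection(self, creds):
        raise NotImplementedError


class FakeLdap(Backend):
    name = "ldap2"
    created = 0  # counts real connection setups, to make laziness visible

    def create_connection(self, creds):
        FakeLdap.created += 1
        # A real backend would bind here using creds["ccname"]; the returned
        # connection object deliberately carries no credential material.
        return {"backend": self.name, "authenticated": "ccname" in creds}


class FakeXmlClient(Backend):
    name = "xmlclient"

    def create_connection(self, creds):
        return {"backend": self.name, "authenticated": False}


def make_context(backends, creds):
    """Return a context that exposes connections only, built on first access.

    creds lives in this function's closure, not on the context object, so it
    is absent from the context's attributes. That keeps credentials off the
    API surface; it is not a hard boundary against Python introspection.
    """
    registry = {b.name: b for b in backends}
    cache = {}

    class Context:
        def __getattr__(self, name):
            # Only reached for names not found normally, i.e. backend names.
            if name not in registry:
                raise AttributeError(name)
            if name not in cache:
                cache[name] = registry[name].create_connection(creds)
            return cache[name]

    return Context()
```

New authentication mechanisms are added by registering another Backend subclass; code that receives the context never handles the credential dictionary itself.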

