[Freeipa-devel] [PATCH] jderose 011 Fleshed out krb plugin and added example of scripting against Python API
Rob Crittenden
rcritten at redhat.com
Thu Jul 23 20:18:07 UTC 2009
Jason Gerard DeRose wrote:
> This patch adds the first example of scripting against the IPA Python
> API in doc/examples/python-api.py.
>
> It also finally fleshes out the ipalib.plugins.kerberos.krb plugin. It
> wraps the krbV bindings and does correct Unicode encoding/decoding.
> More work will be coming shortly with some exception handling cleanup
> and porting code to use Backend.krb instead of krbV, but this is a
> start.
>
> I'm still trying to decide on a good solution for implementing the
> connection creation in a generic and plugable way (to replace the
> hard-coded Executioner.create_context() method). The difficulty is 1)
> we need it to be plugable, we want to be able to add new backends that
> authenticate using their own mechanisms, while at the same time 2) we
> only want to expose connections (but not credentials of any kind) on
> request.context, and to make things worse, we 3) want to lazily create
> connections whenever possible.
>
> I took a couple of stabs at the above, but didn't like any of them, so
> for now doc/examples/python-api.py just uses a similar hard-coded
> connection setup to what Executioner.create_context() uses, specifically
> it does this:
>
> if api.env.in_server:
> api.Backend.ldap2.connect(
> ccache=api.Backend.krb.default_ccname()
> )
> else:
> api.Backend.xmlclient.connect()
>
> This will be replaced eventually with some common method, but this works
> for now.
>
> One last thing: to be consisted with the Kerberos library (right?) and
> SASL, I think we should consistently use `ccname` to mean the path of
> the file containing the credential cache. We use `ccache` a lot
> instead, which can also be confused with the krbV.CCache object. What
> does everyone think about this?
>
> Cheers,
> Jason
ack
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090723/23d905a2/attachment.bin>
More information about the Freeipa-devel
mailing list