[Freeipa-devel] Is Backend.krb part of API?
Simo Sorce
simo at redhat.com
Tue Jul 28 11:13:54 UTC 2015
On Tue, 2015-07-28 at 13:55 +0300, Alexander Bokovoy wrote:
> On Tue, 28 Jul 2015, Petr Vobornik wrote:
> >On 07/28/2015 10:57 AM, Michael Šimáček wrote:
> >>Hi,
> >>
> >>I'm working on porting FreeIPA away from python-krbV. Backend.krb and
> >>KRB5_CCache classes are mere wrappers around krbV bindings, so it would
> >>make sense to remove them. But I found the former used in the example in
> >>doc/examples/python-api.py. Is it part of FreeIPA's API? Shall I provide
> >>some partial compatibility layer for it? (only partial because some
> >>methods can take krbV objects as arguments)
> >>
> >>Thank you,
> >>Michael Simacek
> >>
> >
> >Does the replacement offer API which has all the methods as the
> >wrappers? If so we can remove them.
> >
> >Imho we can remove Backend.krb aka ipalib/plugins/kerberos.py. It's
> >used only in 2 files, both are not in production. But I'm not sure
> >about KRB5_CCache, the wrapper has some exception logic which might be
> >wanted to be kept.
> Backend.krb can go if you provide something similar to KRB5_CCache. We
> need to be able to initialize ccache with that class -- either by using
> existing ccache (we often marshall ccache content to memcached and then
> unmarshall it when the same session comes back) or by using a keytab.
> After ccache is provided, we need to be able to query default principal
> of the existing ccache.
We should be able to do all this with python-gssapi and the store
extensions.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list