[Freeipa-devel] Is Backend.krb part of API?
Alexander Bokovoy
abokovoy at redhat.com
Tue Jul 28 11:28:59 UTC 2015
On Tue, 28 Jul 2015, Simo Sorce wrote:
>On Tue, 2015-07-28 at 13:55 +0300, Alexander Bokovoy wrote:
>> On Tue, 28 Jul 2015, Petr Vobornik wrote:
>> >On 07/28/2015 10:57 AM, Michael Šimáček wrote:
>> >>Hi,
>> >>
>> >>I'm working on porting FreeIPA away from python-krbV. Backend.krb and
>> >>KRB5_CCache classes are mere wrappers around krbV bindings, so it would
>> >>make sense to remove them. But I found the former used in the example in
>> >>doc/examples/python-api.py. Is it part of FreeIPA's API? Shall I provide
>> >>some partial compatibility layer for it? (only partial because some
>> >>methods can take krbV objects as arguments)
>> >>
>> >>Thank you,
>> >>Michael Simacek
>> >>
>> >
>> >Does the replacement offer API which has all the methods as the
>> >wrappers? If so we can remove them.
>> >
>> >Imho we can remove Backend.krb aka ipalib/plugins/kerberos.py. It's
>> >used only in 2 files, both are not in production. But I'm not sure
>> >about KRB5_CCache, the wrapper has some exception logic which might be
>> >wanted to be kept.
>> Backend.krb can go if you provide something similar to KRB5_CCache. We
>> need to be able to initialize ccache with that class -- either by using
>> existing ccache (we often marshall ccache content to memcached and then
>> unmarshall it when the same session comes back) or by using a keytab.
>> After ccache is provided, we need to be able to query default principal
>> of the existing ccache.
>
>We should be able to do all this with python-gssapi and the store
>extensions.
Yep. It would be good to have a helper, though.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list