[Freeipa-users] ipalib authentication
Standa Laznicka
slaznick at redhat.com
Thu Nov 24 15:54:55 UTC 2016
On 11/24/2016 04:27 PM, Adam Bishop wrote:
> I'm writing a bit of code using ipalib directly, I'm a little stuck on authentication though.
>
> It works fine if grab a Kerberos ticket with kinit then run the code interactively, but I'd like to run this as a daemon which makes maintaining a ticket tricky.
>
> What other options are there for authenticating to the API, avoiding calling external tools like curl or kinit?
>
> Regards,
>
> Adam Bishop
>
> gpg: E75B 1F92 6407 DFDF 9F1C BF10 C993 2504 6609 D460
>
> jisc.ac.uk
>
> Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.
>
> Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.
>
>
Hello Adam,
Nice to see someone interested in FreeIPA development. For questions
about developing FreeIPA, feel free to contact other developers at
freeipa-devel at redhat.com (in CC). You can also create a pull request on
GitHub (https://github.com/freeipa/freeipa) if you'd like to share your
code with the community.
As for your question, would it be feasible to use keytabs? Sure, you
still have to perform kinit but there's no user action required (except
for maintaining the keytab, of course).
Standa
More information about the Freeipa-users
mailing list