def obtain_or_renew_ticket(principal, password=None, renew_life=None, keytab=False):
    """Make sure the credentials cache holds a TGT for *principal*.

    If the cache already has an entry for the principal, a renewal is tried
    first. When the renewal fails with ``krb5.KrbException`` (or there is no
    entry), a fresh TGT is requested from the system keytab or with the
    supplied password.

    Args:
        principal: Client principal; matched against cache entries by
            ``have_ticket`` and passed to the renew/obtain calls.
        password: Used only when ``keytab`` is falsy. It is passed on as-is,
            including the default ``None``.
        renew_life: Forwarded unchanged as ``renew_life`` to the obtain call.
        keytab: When truthy, authenticate with ``/etc/krb5.keytab`` instead
            of the password.

    Raises:
        krb5.KrbException: If the new ticket's start time differs from the
            local clock by more than 300 seconds. Errors raised by the
            obtain calls themselves are not caught here.
    """
    context = krb5.Context()
    cache = krb5.CredentialsCache(context)

    if have_ticket(principal):
        try:
            renewed = context.renew_tgt(principal, cache)
            cache.add(renewed)
            # Renewal succeeded. Note that a renewed ticket is cached
            # without going through the clock-skew check below.
            return
        except krb5.KrbException:
            # Deliberate best effort: a failed renewal (or failed cache
            # write) falls through to requesting a fresh ticket.
            pass

    if keytab:
        # The keytab path is fixed; the flag only selects keytab vs password.
        system_keytab = krb5.Keytab(context, '/etc/krb5.keytab')
        tgt = context.obtain_tgt_keytab(
            principal, system_keytab, renew_life=renew_life
        )
    else:
        tgt = context.obtain_tgt_password(
            principal, password, renew_life=renew_life
        )

    # NOTE(review): the listing lost its indentation; this check is placed
    # after both acquisition paths -- confirm against the original file.
    # Assumes tgt.starttime is a naive datetime in local time, comparable
    # with datetime.now() -- TODO confirm.
    skew_seconds = abs((tgt.starttime - datetime.now()).total_seconds())
    if skew_seconds > 300:
        # Reject before caching so a ticket with an implausible start time
        # never reaches the credentials cache.
        raise krb5.KrbException("Clock skew too great")

    cache.add(tgt)
def have_ticket(principal):
    """Return True if the credentials cache has an entry for *principal*.

    Only the entry's ``client`` field is compared. Nothing here checks that
    the entry is a TGT or that it is still valid, so a True result means
    "an entry exists", not "a usable ticket exists".
    """
    context = krb5.Context()
    cache = krb5.CredentialsCache(context)
    return any(entry.client == principal for entry in cache.entries)