def _update_login(): try: if not ad.bound(): d = PyDialog.PasswordDialog() selection = d.display() if selection: principal = ad._format_principal(d.username()) domain = ad._split_principal(d.username())[1] write_pref('principal', principal) write_pref('domain', domain) if is_ldap_reachable(read_pref('domain')): result = kerberos.test_kerberos_password( read_pref('principal'), d.password()) if result != True: _update_login() else: if is_ldap_reachable(read_pref('domain')): success = kerberos.test_kerberos_password( read_pref('principal'), _update_password()) if not success: _update_login() except ad.PrincipalFormatError: message = 'Username must be formatted as [email protected]' username_dialog = PyDialog.AlertDialog('Invalid username!', message) username_dialog.display() self.validate_kerberos()
def pass_to_keychain(principal, password): """Saves password to keychain for use by kinit.""" username, realm = ad._split_principal(principal) security_args = [ '-a', username, '-l', realm, '-s', realm, '-c', 'aapl', '-T', '/usr/bin/kinit', '-w', str(password) ] return _keychain('add', 'generic', security_args)
def check_keychain(principal=None): if principal: username, realm = ad._split_principal(principal) else: if not ad.bound(): raise ad.NotBound realm = ad.realms()[0] username = ad._get_consoleuser() security_args = [ '-a', username, '-l', realm.upper() + ' (' + username + ')', '-s', realm.upper(), '-c', 'aapl' ] return True if _keychain('find', 'generic', security_args) else False
def check_keychain(principal=None): if principal: username, realm = ad._split_principal(principal) else: if not ad.bound(): raise ad.NotBound realm = ad.realms()[0] username=ad._get_consoleuser() security_args = [ '-a', username, '-l', realm.upper() + ' (' + username + ')', '-s', realm.upper(), '-c', 'aapl' ] return True if _keychain('find', 'generic', security_args) else False