Пример #1
0
def acquire_tgt(name=None, keytab_path=None, max_retries=3):
    """Acquire a ticket-granting ticket (TGT), as if they had run 
    "kinit".  If the user already has a valid, current TGT, that TGT is simply
    renewed. TGT will be acquired using password based authentication if a keytab
    is not used
    """
    
    if have_tgt():
        return True
    else:
        realm = krb5.get_default_realm()
        if not name:
            name = getpass.getuser()
        principal_name = "%s@%s" % (name, realm)

        if not keytab_path:
            principal = None
            for attempt in range(max_retries):
                try:
                    password = getpass.getpass("Password for %s: " % principal_name, sys.stderr)
                    principal = krb5.Principal(name=principal_name, password=password)
                    break
                except RuntimeError, error:
                    print str(error)
        else:
Пример #2
0
def have_service_ticket(service, host):
    """Checks whether the default credential cache contains a ticket for the
    specified service and host.
    """
    
    try:
        principal = krb5.get_login_principal()
    except RuntimeError:
        return False
    service_name = "%s/%s@%s" % (service, host, krb5.get_default_realm())        
    creds = principal.get_credentials()
        
    for cred in creds:
        if cred.server == service_name:
            if not _cred_expired(cred):
                return True
                
    return False