def acquire_tgt(name=None, keytab_path=None, max_retries=3):
"""Acquire a ticket-granting ticket (TGT), as if they had run
"kinit". If the user already has a valid, current TGT, that TGT is simply
renewed. TGT will be acquired using password based authentication if a keytab
is not used
"""
if have_tgt():
return True
else:
realm = krb5.get_default_realm()
if not name:
name = getpass.getuser()
principal_name = "%s@%s" % (name, realm)
if not keytab_path:
principal = None
for attempt in range(max_retries):
try:
password = getpass.getpass("Password for %s: " % principal_name, sys.stderr)
principal = krb5.Principal(name=principal_name, password=password)
break
except RuntimeError, error:
print str(error)
else:
def have_service_ticket(service, host):
"""Checks whether the default credential cache contains a ticket for the
specified service and host.
"""
try:
principal = krb5.get_login_principal()
except RuntimeError:
return False
service_name = "%s/%s@%s" % (service, host, krb5.get_default_realm())
creds = principal.get_credentials()
for cred in creds:
if cred.server == service_name:
if not _cred_expired(cred):
return True
return False