Geert Jansen geert at
Fri Dec 7 09:07:27 CET 2007

Michael Ströder wrote:
> Geert Jansen wrote:
>> On a related note, you may be interested in my current project
>> Python-AD:
> How are you using Kerberos? Do you expect the user to run MIT's kinit
> before sending a SASL/GSSAPI bind request? Does it also work with
> heimdal? Do you make use of a Windows logon when running on Windows?

The user doesn't need to run  kinit (but he can do so and in that case
those credentials can be picked up). I provide a class called "Creds"
that the user can use to acquire credentials:

    from ad import Creds, activate
    creds = Creds(domain)
    Creds.acquire(username, password)

Behind the scenes a new private ccache and Kerberos configuration are
installed using the $KRB5CCNAME and $KRB5_CONFIG environment variables.

I have not tested this with Heimdal so far. If it supports the
environment variables above it should work. Also I haven't tested
windows but I think that the Creds interface should be portable to that
platform as well.

Regards, Geert

More information about the python-ldap mailing list