[python-ldap] testing for credentials
michael at stroeder.com
Sat Jul 7 11:50:40 CEST 2012
Rob McBroom wrote:
> I'd like my scripts to attempt Kerberos, but fall back to simple authentication if that fails. If I do this:
> import ldap.sasl
> auth_tokens = ldap.sasl.gssapi()
> Is there something about `auth_tokens` I can use to determine whether or not a valid Kerberos ticket exists? The object appears to be identical with or without credentials. If I try to bind, the difference becomes apparent, but I'd obviously like to know which type of authentication to use *before* the bind.
> I could run `klist -s` and check the exit code like an animal, but I was hoping for a simpler way.
There's nothing you can check in advance.
I'd simply try SASL/GSSAPI bind first and catch the exception for falling back
to simple bind. IMHO this is the best approach anyway.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3883 bytes
Desc: S/MIME Cryptographic Signature
More information about the python-ldap