Getting a kerberos ticket

Donn Cave donn at
Wed Jan 29 06:28:46 CET 2003

Quoth Mike McGavin <jester at>:

|> Then you need a keytab file with the principal's password, with access
|> restricted to your application ID (and root of course - there's no way
|> you can do this without giving the web host's admins access to your
|> database.)  That can be used periodically to update credentials, via
|> kinit in a cron job, or every time the request runs.
| Thanks.  Would I still need this if the process is running under my uid, 
| or is it only if it's running as nobody?

Running as you.  It's your password, kinit will use the keytab instead
of prompting.

|> A Python module for Kerberos5 is feasible, but seems like it might be
|> the least of your worries (maybe not even worth the installation and
|> maintenance of this C module.)
| I actually managed to find Elliot Lee's krb5 module at 
|, but I'm having a 
| difficult time getting it to compile under NetBSD.  I'm not yet sure if 
| it'll do what I want, but I'm hoping.

That's interesting, I'll have to see what he's got.  NetBSD comes with
Heimdal, as opposed to MIT, Kerberos5.  MIT and Heimdal aren't 100%
compatible at the API level in my experience, that could be the problem.
But you really do not need a Python krb5 module for this.

	Donn Cave, donn at

More information about the Python-list mailing list