[Pythonmac-SIG] Active Directory authentication on Mac using Python

Nicholas Riley njriley at uiuc.edu
Mon Aug 15 23:19:41 CEST 2005


On Mon, Aug 15, 2005 at 03:46:31PM -0500, brad.allen at omsdal.com wrote:
> Thanks for setting me straight. So, I'm unclear on whether LDAP
> authentication actually uses Kerberos in some underlying way
> (via SASL), or whether it actually sends the password across the 
> network. Maybe I'm barking up the wrong tree by trying to use LDAP.

LDAP uses SASL which uses GSSAPI which uses Kerberos (I think :).  In
several of these cases, the path you're following is one of several
plugins.

I had a lot of trouble getting SASL binding to work from Python, at
least on Linux, when I tried it a year ago.  Your best bet may be to
simply wrap kinit (to get a TGT) and ldapsearch with Python.

You can see my eventual script (in Perl, not Python, because I
couldn't get any Python module to do what I wanted) for doing a
Kerberized LDAP search against Active Directory; there are Perl
Kerberos bindings, I think, but I didn't bother using them, I just
exec'ed kinit.

<http://njr.pycs.net/weblog/2004/06/03.html#P28>

-- 
Nicholas Riley <njriley at uiuc.edu> | <http://www.uiuc.edu/ph/www/njriley>
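
The approach suggested in the message above (wrapping kinit and ldapsearch from Python), as an added example that is not part of the original post and is not Nicholas Riley's Perl script. It assumes MIT kinit and OpenLDAP's ldapsearch are on the PATH; the function names, host names and sample LDIF are constructed for illustration.

```python
import base64, os, subprocess, tempfile

# Constructed sample of `ldapsearch -LLL` output (not from a real directory).
SAMPLE_LDIF = ("dn: CN=Example User,OU=Staff,DC=ad,DC=example,DC=com\n"
               "sAMAccountName: euser\n"
               "displayName:: w4l4YW1wbGUgVXNlcg==\n"
               "mail: example.user@ad.exa\n mple.com\n\n")

def ldapsearch_argv(host, base, ldap_filter, attrs):
    # -Y GSSAPI: SASL bind using the Kerberos ticket; -Q -LLL: quiet, bare LDIF.
    # An argv list (no shell) keeps the filter a single, uninterpreted argument.
    return ["ldapsearch", "-Q", "-LLL", "-Y", "GSSAPI", "-H", "ldap://" + host,
            "-b", base, ldap_filter] + list(attrs)

def parse_ldif(text):
    """Turn LDIF text into a list of {attribute: [values]} dicts."""
    entries = []
    unfolded = text.replace("\n ", "")  # long lines are folded as newline + space
    for block in unfolded.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: ..." marks a base64 value
                raw = base64.b64decode(value[1:].strip())
                value = raw.decode("utf-8", "replace")
            entry.setdefault(name, []).append(value.strip())
        if entry:
            entries.append(entry)
    return entries

def kerberized_search(principal, password, host, base, ldap_filter, attrs):
    """kinit into a private ticket cache, search over GSSAPI, then kdestroy."""
    with tempfile.TemporaryDirectory() as tmp:  # directory is created mode 0700
        env = dict(os.environ, KRB5CCNAME="FILE:" + os.path.join(tmp, "krb5cc"))
        try:
            # Assumption: MIT kinit, which reads the password from stdin when
            # stdin is not a terminal, so it never appears in the process list.
            subprocess.run(["kinit", principal], input=password + "\n",
                           text=True, env=env, check=True, capture_output=True)
            result = subprocess.run(ldapsearch_argv(host, base, ldap_filter, attrs),
                                    env=env, check=True, capture_output=True,
                                    text=True)
        finally:
            subprocess.run(["kdestroy"], env=env, capture_output=True)
        return parse_ldif(result.stdout)
```

With this bind the password goes only to kinit, and ldapsearch authenticates with the resulting ticket. Heimdal's kinit does not read a piped password by default and needs `--password-file=STDIN` instead.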

