ldap.sasl.gssapi example?
Gavin Doughtie
gdoughtie at anim.dreamworks.com
Thu Apr 8 19:28:42 CEST 2004
Here's the complete scoop:
marlin [~/src/mod/python/users](SHARK)(90)> rpm -qi krb5-workstation
Name : krb5-workstation Relocations: (not relocateable)
Version : 1.2.7 Vendor: (none)
Release : 14 Build Date: Wed 13 Aug 2003 03:33:05 PM PDT
Install Date: Thu 25 Mar 2004 09:36:58 AM PST Build Host: tuna.anim.dreamworks.com
Group : System Environment/Base Source RPM: krb5-1.2.7-14.src.rpm
Size : 1229404 License: MIT, freely distributable.
Signature : DSA/SHA1, Wed 12 Nov 2003 01:33:16 PM PST, Key ID c4e64780ae5317ff
URL : http://web.mit.edu/kerberos/www/
Summary : Kerberos 5 programs for use on workstations.
Description :
Kerberos is a network authentication system. The krb5-workstation
package contains the basic Kerberos programs (kinit, klist, kdestroy,
kpasswd) as well as kerberized versions of Telnet and FTP. If your
network uses Kerberos, this package should be installed on every
workstation.
marlin [~/src/mod/python/users](SHARK)(91)> rpm -qi cyrus-sasl
Name : cyrus-sasl Relocations: (not relocateable)
Version : 2.1.15 Vendor: Red Hat, Inc.
Release : 3 Build Date: Thu 21 Aug 2003 12:27:29 PM PDT
Install Date: Thu 25 Mar 2004 09:38:29 AM PST Build Host: daffy.perf.redhat.com
Group : System Environment/Libraries Source RPM: cyrus-sasl-2.1.15-3.src.rpm
Size : 534045 License: Freely Distributable
Signature : DSA/SHA1, Wed 24 Sep 2003 11:11:29 AM PDT, Key ID 219180cddb42a60e
Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
URL : http://asg.web.cmu.edu/sasl/sasl-library.html
Summary : The Cyrus SASL library.
Description :
The cyrus-sasl package contains the Cyrus implementation of SASL.
SASL is the Simple Authentication and Security Layer, a method for
adding authentication support to connection-based protocols.
marlin [~/src/mod/python/users](SHARK)(92)> kinit --no-addresses
kinit: invalid option -- -
kinit: invalid option -- n
kinit: invalid option -- o
kinit: invalid option -- -
kinit: invalid option -- a
kinit: invalid option -- d
kinit: invalid option -- d
Bad lifetime value esses
Usage: kinit [-5] [-4] [-V] [-l lifetime] [-s start_time]
[-r renewable_life] [-f | -F] [-p | -P] [-A]
[-v] [-R] [-k [-t keytab_file]]
[-c cachename] [-S service_name] [principal]
options: valid with Kerberos:
-5 Kerberos 5 (available)
-4 Kerberos 4 (available)
(Default behavior is to try Kerberos 5)
-V verbose Either 4 or 5
-l lifetime Either 4 or 5
-s start time 5
-r renewable lifetime 5
-f forwardable 5
-F not forwardable 5
-p proxiable 5
-P not proxiable 5
-A do not include addresses 5
-v validate 5
-R renew 5, or both 5 and 4
-k use keytab 5, or both 5 and 4
-t filename of keytab to use 5, or both 5 and 4
-c Kerberos 5 cache name 5
-S service 5, or both 5 and 4
marlin [~/src/mod/python/users](SHARK)(93)> kinit -A
Password for gdoughtie at ANIM.DREAMWORKS.COM:
marlin [~/src/mod/python/users](SHARK)(94)> python sasl
sasl_bind.py~ sasl_bind.py
marlin [~/src/mod/python/users](SHARK)(94)> python sasl_bind.py
******************** GSSAPI ********************
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.set_option ((17, 3),{})
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.sasl_interactive_bind_s (('', <ldap.sasl.sasl instance at 0xb6e8110c>, None, None),{})
Error using SASL mechanism GSSAPI {'desc': 'Local error'} (<class ldap.LOCAL_ERROR at 0xb73fa4dc>, <ldap.LOCAL_ERROR instance at 0xb6e811ec>, <traceback object at 0xb6e85f54>)
  File "sasl_bind.py", line 72, in ?
    l.sasl_interactive_bind_s("", sasl_auth)
  File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py", line 196, in sasl_interactive_bind_s
    return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,serverctrls,clientctrls)
  File "/usr/local/lib/python2.3/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
    result = func(*args,**kwargs)
*** ldap://etzadaat.anim.dreamworks.com:389/ - SimpleLDAPObject.unbind_ext ((None, None),{})
Michael Ströder wrote:
> Gavin Doughtie wrote:
>
>> OK, here's the result from running my modified sasl_bind.py (below):
>>
>> marlin [~/src/mod/python/users](SHARK)(55)> kinit
>> Password for gdoughtie at ANIM.DREAMWORKS.COM:
>
>
> Could you please try with
>
> kinit --no-addresses
>
>> Error using SASL mechanism GSSAPI {'desc': 'Local error'}
>
>
> Hmm, really no 'info' field?
>
> What Kerberos lib are you using?
>
> I'm using heimdal 0.6 and cyrus-sasl 2.1.15 shipped with my SuSE 9.0
> system.
>
> If anything goes wrong there's a message in the 'info' field containing
> also Kerberos-related text.
>
> Ciao, Michael.
--
Gavin Doughtie
DreamWorks SKG
(818) 695-3821