[Freeipa-devel] another snag with kerberos
Rob Crittenden
rcritten at redhat.com
Tue Jul 17 13:02:31 UTC 2007
Simo Sorce wrote:
> On Mon, 2007-07-16 at 17:02 -0400, Rob Crittenden wrote:
>> Found another snag in the forwarding kerberos tickets via XML-RPC: the
>> python xmlrpc library only supports Basic Authentication.
>>
>> The really aggravating part is that as far as I can tell you can't
>> include extra headers to be send in the XMLRPC request, so we can't even
>> include an Authorization header ourselves.
>>
>> And even if we could include our own headers I'm not sure how to
>> hand-craft a Negotiate request.
>
> If it is apache that will serve the contents shouldn't it take care of
> that?
>
> Simo.
>
No. Our clients (cli and gui) will include an XMPRPC client. This client
needs to authenticate to the XMLRPC server using kerberos. In the GUI
this means using a forwarded ticket. In the cli we can probably use the
local ccache.
In any case, the XMLRPC client will need to include in its request a
header that looks something like:
Authenticate: Negotiate [insert base64 blob here]
I don't see a way to add headers to the client request using xmlrpclib.py.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070717/c9df3e24/attachment.bin>
More information about the Freeipa-devel
mailing list