ciecplib.kerberos module

Kerberos utilities for ciecplib

ciecplib.kerberos.find_principal()

Determine the principal for an active kerberos credential.

Returns:

name (str) – The str representation of the Kerberos principal.

Raises:

RuntimeError – If no credential is found.

ciecplib.kerberos.has_credential(**store_kw)

Return True if an active Kerberos (GSSAPI) credential is available.

Parameters:

store_kw – Keyword arguments to pass to the credentials store extension of the underlying GSSAPI implementation. See https://pythongssapi.github.io/python-gssapi/credstore.html for more details.

Returns:

  • True – If a valid Kerberos credential is found with a lifetime of more than 1 second.

  • False – Otherwise.

Examples

>>> has_credential()
False
>>> has_credential(
...     ccache="mykrb5cc",
...     client_keytab="/home/user/.kerberos/me.keytab",
... )
True

Notes

This function will always return False if the requests-gssapi Kerberos Auth plugin required by requests-ecp is not found.

See also

gssapi.Credentials

For more details on how credentials are accessed using Python-GSSAPI.

ciecplib.kerberos.realm(principal)

Return the kerbeos realm name from a principal

Parameters:

principal (str) – the kerberos principal to parse

Returns:

realm (str) – the realm name

Raises:

IndexError – If the input principal cannot be parsed properly (normally if it doesn’t contain an @ character).

Examples

>>> realm('marie.curie@EXAMPLE.ORG')
'EXAMPLE.ORG'