Thanks for the info! I will work more on this and comment my progress
On Mon, Aug 25, 2014 at 5:48 PM, Rob Crittenden <[email protected]> wrote: > Yago Fernández Pinilla wrote: > > I'm using FreeIpa 3.3.5. And according to what I saw, using the API, > > seems to be the best option. > > > > For the time being I just want to request tickets and check tickets. > > > > Is that possible? > > . > > I'm still not sure what it is you're trying to do. > > It's important to remember that IPA isn't a server itself, it is a > collection of services configured to work together towards a common goal > (centralized identity). What we add is a management framework on top to > (hopefully) make things easier. This is what our API does, helps you > manage users, groups, etc. > > A ticket is a Kerberos concept and you would obtain it directly from the > KDC. The IPA API is not involved in that case. > > If that is what you want to do then it involves the python-krbV package > which is difficult at best to use and doesn't implement the entire > Kerberos stack. You can though do the equivalent of a kinit using a > keytab doing something like: > > import krbV > from ipalib import api > > api.bootstrap(context='test') > api.finalize() > > ccache_file = 'FILE:/tmp/host_ccache' > krbcontext = krbV.default_context() > principal = str('host/%s@%s' % (api.env.host, api.env.realm)) > keytab = krbV.Keytab(name='/etc/krb5.keytab', context=krbcontext) > principal = krbV.Principal(name=principal, context=krbcontext) > os.environ['KRB5CCNAME'] = ccache_file > ccache = krbV.CCache(name=ccache_file, context=krbcontext, > primary_principal=principal) > ccache.init(principal) > cache.init_creds_keytab(keytab=keytab, principal=principal) > > You'll definitely want to do something differently with the ccache file > than I'm showing here. > > I threw in IPA client initialization here so you could use this to > prepare to do IPA API calls. > > rob > > > > > > > On Mon, Aug 25, 2014 at 3:49 PM, Rob Crittenden <[email protected] > > <mailto:[email protected]>> wrote: > > > > Yago Fernández Pinilla wrote: > > > I want to integrate it in other service. Is there any good > > documentation > > > about the APIs? > > > > We really need more details in order to help you. > > > > The API for IPA is not documented though once you get the patterns > down > > it is fairly straightforward. > > > > This of course is a completely separate issue of kinit in python. > What > > release of IPA on which distro(s) are you looking at? > > > > rob > > > > > > > > Thanks in advance > > > > > > > > > On Mon, Aug 25, 2014 at 3:08 PM, Jakub Hrozek <[email protected] > > <mailto:[email protected]> > > > <mailto:[email protected] <mailto:[email protected]>>> wrote: > > > > > > On Mon, Aug 25, 2014 at 02:43:00PM +0200, Yago Fernández > > Pinilla wrote: > > > > Hi, > > > > > > > > I would like to create a script in python that does the same > > that > > > kinit, I > > > > don´t where to start. > > > > > > Why do you need this? > > > > > > -- > > > Manage your subscription for the Freeipa-users mailing list: > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > Go To http://freeipa.org for more info on the project > > > > > > > > > > > > > > > -- > > > Yago Fernández Pinilla > > > e-mail: [email protected] <mailto:[email protected]> > > <mailto:[email protected] <mailto:[email protected]>> > > > > > > > > > > > > > > > > > > > -- > > Yago Fernández Pinilla > > e-mail: [email protected] <mailto:[email protected]> > > > > -- Yago Fernández Pinilla e-mail: [email protected]
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
