update kerberos
This commit is contained in:
parent
debf816e24
commit
cdddd51f9e
@ -6,6 +6,19 @@ import gssapi
|
|||||||
import sys
|
import sys
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
|
def send_data(data:bytes, length:int):
|
||||||
|
len_str = length.to_bytes(3, byteorder="little", signed=True)
|
||||||
|
print(len_str)
|
||||||
|
s.send(len_str)
|
||||||
|
s.send(data)
|
||||||
|
|
||||||
|
def recv_data():
|
||||||
|
bs = s.recv(3)
|
||||||
|
length = int.from_bytes(bs, byteorder="little", signed=True)
|
||||||
|
print(length)
|
||||||
|
data = s.recv(length)
|
||||||
|
return data
|
||||||
|
|
||||||
curr_path = os.getcwd()
|
curr_path = os.getcwd()
|
||||||
os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
|
os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
|
||||||
os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
|
os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
|
||||||
@ -31,5 +44,10 @@ print(cname)
|
|||||||
client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
|
client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
|
||||||
while not client_ctx.complete:
|
while not client_ctx.complete:
|
||||||
client_token = client_ctx.step(server_token)
|
client_token = client_ctx.step(server_token)
|
||||||
|
client_token = client_token or b''
|
||||||
|
print("client_token=", client_token, "\nlen=", len(client_token), "\n")
|
||||||
|
send_data(client_token, len(client_token))
|
||||||
|
server_token = recv_data()
|
||||||
|
print("server_token=", server_token,"len=",len(server_token), "\n")
|
||||||
|
|
||||||
|
|
||||||
|
@ -5,7 +5,21 @@ import os
|
|||||||
import gssapi
|
import gssapi
|
||||||
import sys
|
import sys
|
||||||
import subprocess
|
import subprocess
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
|
s = socket.socket()
|
||||||
|
|
||||||
|
def send_data(cli:socket, data:bytes, length:int):
|
||||||
|
cli.send(length.to_bytes(3, byteorder="little", signed=True))
|
||||||
|
cli.send(data)
|
||||||
|
|
||||||
|
def recv_data(cli:socket):
|
||||||
|
bs = cli.recv(3)
|
||||||
|
length = int.from_bytes(bs, byteorder="little", signed=True)
|
||||||
|
print(length)
|
||||||
|
data = cli.recv(length)
|
||||||
|
return data
|
||||||
|
|
||||||
|
|
||||||
# 设置环境变量
|
# 设置环境变量
|
||||||
principal = "server/hadoop.test.com@TEST.COM"
|
principal = "server/hadoop.test.com@TEST.COM"
|
||||||
@ -21,7 +35,6 @@ name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_
|
|||||||
cname = name.canonicalize(gssapi.MechType.kerberos)
|
cname = name.canonicalize(gssapi.MechType.kerberos)
|
||||||
print(cname)
|
print(cname)
|
||||||
|
|
||||||
s = socket.socket()
|
|
||||||
host = "127.0.0.1"
|
host = "127.0.0.1"
|
||||||
port = 12345
|
port = 12345
|
||||||
|
|
||||||
@ -35,5 +48,12 @@ while True:
|
|||||||
c, addr = s.accept()
|
c, addr = s.accept()
|
||||||
print("client")
|
print("client")
|
||||||
c.send(b"no_auth")
|
c.send(b"no_auth")
|
||||||
|
while not server_ctx.complete:
|
||||||
|
client_ticket = recv_data(c)
|
||||||
|
print("client_ticket=", client_ticket, "len=", len(client_ticket), "\n")
|
||||||
|
server_token = server_ctx.step(client_ticket)
|
||||||
|
print("server_token=", server_token, "len=", len(server_token), "\n")
|
||||||
|
send_data(c, server_token, len(server_token))
|
||||||
|
print("auth ok")
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user