LingZhaoHui 2022-07-28 22:47:57 +08:00
parent 111d625df9
commit debf816e24
9 changed files with 75 additions and 48 deletions

Binary file not shown.


@ -1,4 +0,0 @@
PWD=$(pwd)
KRB5_CONFIG=${PWD}/client/krb5.conf
KRB5CCNAME=FILE:/tmp/krb5cc_cli_%{uid}
KRB5_CCNAME=FILE:/tmp/krb5cc_cli_%{uid}


@ -1,20 +0,0 @@
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.COM
default_ccache_name = FILE:/tmp/krb5cc_cli_%{uid}
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
TEST.COM = {
kdc = krb5-kdc-server:88
admin_server = krb5-kdc-server
}

35
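--- a/sample/client.py
+++ b/sample/client.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import os
+import subprocess
+import gssapi
+import sys
+import socket
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
+os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
+os.environ["KRB5_KTNAME"] = curr_path + "/client/cli.keytab"
+os.environ["KRB5_TRACE"] = "/tmp/client.log"
+principal = "cli@TEST.COM"
+res = subprocess.call(["kinit", "-kt", "client/cli.keytab", principal])
+subprocess.call(["klist"])
+name = gssapi.Name(principal)
+server_token = None
+port = 12345
+s = socket.socket()
+host = "127.0.0.1"
+s.connect((host, port))
+rev = s.recv(1024)
+print(rev)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
+while not client_ctx.complete:
+client_token = client_ctx.step(server_token)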
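Review bot: `gssapi.SecurityContext(name=cname, usage="initiate")` passes the client's own principal (`cli@TEST.COM`) as `name`, but for an initiating context `name` is the target the client wants to authenticate to, so the client would not be verifying the service it connects to. The target should be the server's principal, for example `target = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)` followed by `client_ctx = gssapi.SecurityContext(name=target, usage="initiate")`. The loop also never sends `client_token` on `s` or reads a reply into `server_token`, so every `step` is called with `None`; if the context is not complete after the first step (likely when mutual authentication is requested) the second call cannot succeed. `res` from `kinit` is never checked, so a failed login continues with whatever is already in the fixed cache `/tmp/krb5cc_cli_1000`; `kinit_res` in sample/server.py has the same gap, and `if res != 0: sys.exit(res)` would stop there.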

1
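--- a/sample/requirements.txt
+++ b/sample/requirements.txt
@@ -0,0 +1 @@
+libkrb5-dev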
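Review bot: `libkrb5-dev` appears to be the name of a Debian/Ubuntu system package rather than a Python distribution, so `pip install -r sample/requirements.txt` would either fail or install whatever project happens to hold that name on the package index. Both scripts import `gssapi`, so the file should list that instead, ideally pinned, e.g. `gssapi==<VERSION>`. The Kerberos development headers belong in the setup instructions as a system package step, not in a pip requirements file.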

39
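--- a/sample/server.py
+++ b/sample/server.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import os
+import gssapi
+import sys
+import subprocess
+import socket
+# 设置环境变量
+principal = "server/hadoop.test.com@TEST.COM"
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/server/krb5.conf"
+os.environ["KRB5_KTNAME"] = curr_path + "/server/hadoop.keytab"
+os.environ["KRB5CCNAME"] = "/tmp/krb5cc_hadoop_1000"
+os.environ["KRB5_TRACE"] = "/tmp/server.log"
+kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
+klist_res = subprocess.call(["klist"])
+name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+s = socket.socket()
+host = "127.0.0.1"
+port = 12345
+s.bind((host, port))
+s.listen(1000)
+creds = gssapi.Credentials(usage="accept", name=cname)
+server_ctx = gssapi.SecurityContext(creds=creds, usage="accept")
+print(server_ctx)
+while True:
+c, addr = s.accept()
+print("client")
+c.send(b"no_auth")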
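Review bot: The accept loop sends `b"no_auth"` and never reads a token from `c` or calls `server_ctx.step(...)`, so no client is authenticated, and `server_ctx` is created once before the loop although a security context covers a single peer. Build the context per connection, e.g. `server_ctx = gssapi.SecurityContext(creds=creds, usage="accept")` as the first statement after `s.accept()`, and close `c` when the exchange ends. `KRB5_TRACE` and `KRB5CCNAME` point at fixed names in world-writable `/tmp` (`/tmp/server.log`, `/tmp/krb5cc_hadoop_1000`; sample/client.py does the same with its own names), which invites clashes or pre-created files on a shared host and may leave a protocol trace readable by other users depending on the umask. A private directory such as one from `tempfile.mkdtemp()` avoids that, and tracing is best enabled only for debugging runs.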


@ -1,4 +0,0 @@
PWD=$(pwd)
export KRB5_CONFIG=${PWD}/server/krb5.conf
export KRB5CCNAME=/tmp/krb5cc_hadoop_1000
export KRB5_KTNAME=${PWD}/server/hadoop.keytab

Binary file not shown.


@ -1,20 +0,0 @@
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = TEST.COM
default_ccache_name = FILE:/tmp/krb5cc_hadoop_%{uid}
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
TEST.COM = {
kdc = krb5-kdc-server:88
admin_server = krb5-kdc-server
}