update

client/env

@@ -1,4 +0,0 @@
-PWD=$(pwd)
-KRB5_CONFIG=${PWD}/client/krb5.conf
-KRB5CCNAME=FILE:/tmp/krb5cc_cli_%{uid}
-KRB5_CCNAME=FILE:/tmp/krb5cc_cli_%{uid}

client/krb5.conf

@@ -1,20 +0,0 @@
-[logging]
-default = FILE:/var/log/krb5libs.log
-kdc = FILE:/var/log/krb5kdc.log
-admin_server = FILE:/var/log/kadmind.log
-
-[libdefaults]
-default_realm = TEST.COM
-default_ccache_name = FILE:/tmp/krb5cc_cli_%{uid}
-dns_lookup_realm = false
-dns_lookup_kdc = false
-ticket_lifetime = 24h
-renew_lifetime = 7d
-forwardable = true
-
-[realms]
-TEST.COM = {
-  kdc = krb5-kdc-server:88
-  admin_server = krb5-kdc-server
-}
-

sample/client.py

@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import os 
+import subprocess 
+import gssapi 
+import sys 
+import socket
+
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
+os.environ["KRB5CCNAME"]  = "/tmp/krb5cc_cli_1000"
+os.environ["KRB5_KTNAME"] = curr_path + "/client/cli.keytab"
+os.environ["KRB5_TRACE"] = "/tmp/client.log"
+principal = "cli@TEST.COM"
+
+res = subprocess.call(["kinit", "-kt", "client/cli.keytab", principal])
+subprocess.call(["klist"])
+
+name = gssapi.Name(principal)
+
+server_token = None 
+port = 12345
+s = socket.socket()
+host = "127.0.0.1"
+s.connect((host, port))
+rev = s.recv(1024)
+
+print(rev)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
+while not client_ctx.complete:
+    client_token = client_ctx.step(server_token)
+    
+

sample/requirements.txt

@@ -0,0 +1 @@
+libkrb5-dev 

sample/server.py

@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import os 
+import gssapi 
+import sys 
+import subprocess 
+import socket
+
+# 设置环境变量
+principal = "server/hadoop.test.com@TEST.COM"
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/server/krb5.conf"
+os.environ["KRB5_KTNAME"] = curr_path + "/server/hadoop.keytab"
+os.environ["KRB5CCNAME"] = "/tmp/krb5cc_hadoop_1000"
+os.environ["KRB5_TRACE"] = "/tmp/server.log"
+
+kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
+klist_res = subprocess.call(["klist"])
+name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+
+s = socket.socket()
+host = "127.0.0.1"
+port = 12345
+
+s.bind((host, port))
+s.listen(1000)
+
+creds = gssapi.Credentials(usage="accept", name=cname)
+server_ctx = gssapi.SecurityContext(creds=creds, usage="accept")
+print(server_ctx)
+while True:
+    c, addr = s.accept()
+    print("client")
+    c.send(b"no_auth")
+
+

server/env

@@ -1,4 +0,0 @@
-PWD=$(pwd)
-export KRB5_CONFIG=${PWD}/server/krb5.conf
-export KRB5CCNAME=/tmp/krb5cc_hadoop_1000
-export KRB5_KTNAME=${PWD}/server/hadoop.keytab

server/krb5.conf

@@ -1,20 +0,0 @@
-[logging]
-default = FILE:/var/log/krb5libs.log
-kdc = FILE:/var/log/krb5kdc.log
-admin_server = FILE:/var/log/kadmind.log
-
-[libdefaults]
-default_realm = TEST.COM
-default_ccache_name = FILE:/tmp/krb5cc_hadoop_%{uid}
-dns_lookup_realm = false
-dns_lookup_kdc = false
-ticket_lifetime = 24h
-renew_lifetime = 7d
-forwardable = true
-
-[realms]
-TEST.COM = {
-  kdc = krb5-kdc-server:88
-  admin_server = krb5-kdc-server
-}
-