diff --git a/client/cli.keytab b/client/cli.keytab
deleted file mode 100644
index 0dd6731..0000000
Binary files a/client/cli.keytab and /dev/null differ
diff --git a/client/env b/client/env
deleted file mode 100755
index 16a7856..0000000
--- a/client/env
+++ /dev/null
@@ -1,4 +0,0 @@
-PWD=$(pwd)
-KRB5_CONFIG=${PWD}/client/krb5.conf
-KRB5CCNAME=FILE:/tmp/krb5cc_cli_%{uid}
-KRB5_CCNAME=FILE:/tmp/krb5cc_cli_%{uid}
diff --git a/client/krb5.conf b/client/krb5.conf
deleted file mode 100755
index b1d6ee2..0000000
--- a/client/krb5.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-[logging]
-default = FILE:/var/log/krb5libs.log
-kdc = FILE:/var/log/krb5kdc.log
-admin_server = FILE:/var/log/kadmind.log
-
-[libdefaults]
-default_realm = TEST.COM
-default_ccache_name = FILE:/tmp/krb5cc_cli_%{uid}
-dns_lookup_realm = false
-dns_lookup_kdc = false
-ticket_lifetime = 24h
-renew_lifetime = 7d
-forwardable = true
-
-[realms]
-TEST.COM = {
- kdc = krb5-kdc-server:88
- admin_server = krb5-kdc-server
-}
-
diff --git a/sample/client.py b/sample/client.py
new file mode 100755
index 0000000..9d5ea93
--- /dev/null
+++ b/sample/client.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import os
+import subprocess
+import gssapi
+import sys
+import socket
+
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
+os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
+os.environ["KRB5_KTNAME"] = curr_path + "/client/cli.keytab"
+os.environ["KRB5_TRACE"] = "/tmp/client.log"
+principal = "cli@TEST.COM"
+
+res = subprocess.call(["kinit", "-kt", "client/cli.keytab", principal])
+subprocess.call(["klist"])
+
+name = gssapi.Name(principal)
+
+server_token = None
+port = 12345
+s = socket.socket()
+host = "127.0.0.1"
+s.connect((host, port))
+rev = s.recv(1024)
+
+print(rev)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
+while not client_ctx.complete:
+    client_token = client_ctx.step(server_token)
+
+
diff --git a/sample/requirements.txt b/sample/requirements.txt
new file mode 100644
index 0000000..5428e2e
--- /dev/null
+++ b/sample/requirements.txt
@@ -0,0 +1 @@
+libkrb5-dev
diff --git a/sample/server.py b/sample/server.py
new file mode 100755
index 0000000..3f197d2
--- /dev/null
+++ b/sample/server.py
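Review bot: The handshake loop at the end of sample/client.py never sends `client_token` to the server or reads a reply, so `server_token` is `None` on every `step()` and, unless mutual authentication is disabled, the context cannot complete; each iteration needs a send of the produced token and a receive of the server's answer, as sketched below. The `kinit` exit status captured in `res` is never checked, so a failed keytab login proceeds straight to the socket connect and the error only surfaces later inside GSSAPI. The script points at `client/krb5.conf` and `client/cli.keytab`, both deleted by this same commit, so a fresh checkout cannot run it; since the keytab was once committed it is still recoverable from history, and its keys are better rotated than re-added. Fixed, predictable paths under `/tmp` for the credential cache and `KRB5_TRACE` (`/tmp/krb5cc_cli_1000`, `/tmp/client.log`) are shared-directory artifacts holding ticket and trace data; the removed `client/env` used the per-user `%{uid}` cache name, which is the safer default to keep.
```python
res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
if res != 0:
    sys.exit("kinit failed; check KRB5_CONFIG and KRB5_KTNAME paths")
# … unchanged: klist, Name, socket connect, initial recv …
client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
while not client_ctx.complete:
    client_token = client_ctx.step(server_token)
    if client_token:
        s.sendall(client_token)
    if not client_ctx.complete:
        server_token = s.recv(65536)
```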
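Review bot: `libkrb5-dev` in sample/requirements.txt is a Debian/Ubuntu system package, not a PyPI distribution, so `pip install -r sample/requirements.txt` will fail to resolve it. The Python dependency the two samples import is the `gssapi` package; list `gssapi` here and document the system header package (needed to build it) separately, e.g. in a README.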
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import os
+import gssapi
+import sys
+import subprocess
+import socket
+
+# 设置环境变量
+principal = "server/hadoop.test.com@TEST.COM"
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/server/krb5.conf"
+os.environ["KRB5_KTNAME"] = curr_path + "/server/hadoop.keytab"
+os.environ["KRB5CCNAME"] = "/tmp/krb5cc_hadoop_1000"
+os.environ["KRB5_TRACE"] = "/tmp/server.log"
+
+kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
+klist_res = subprocess.call(["klist"])
+name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+
+s = socket.socket()
+host = "127.0.0.1"
+port = 12345
+
+s.bind((host, port))
+s.listen(1000)
+
+creds = gssapi.Credentials(usage="accept", name=cname)
+server_ctx = gssapi.SecurityContext(creds=creds, usage="accept")
+print(server_ctx)
+while True:
+    c, addr = s.accept()
+    print("client")
+    c.send(b"no_auth")
+
+
diff --git a/server/env b/server/env
deleted file mode 100755
index 99cfeb3..0000000
--- a/server/env
+++ /dev/null
@@ -1,4 +0,0 @@
-PWD=$(pwd)
-export KRB5_CONFIG=${PWD}/server/krb5.conf
-export KRB5CCNAME=/tmp/krb5cc_hadoop_1000
-export KRB5_KTNAME=${PWD}/server/hadoop.keytab
diff --git a/server/hadoop.keytab b/server/hadoop.keytab
deleted file mode 100644
index 6c3ced5..0000000
Binary files a/server/hadoop.keytab and /dev/null differ
diff --git a/server/krb5.conf b/server/krb5.conf
deleted file mode 100755
index aba5aa5..0000000
--- a/server/krb5.conf
+++ /dev/null
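Review bot: The accept loop in sample/server.py never calls `server_ctx.step()`; every connection is answered with `c.send(b"no_auth")`, so no client is ever authenticated and the `creds` and `server_ctx` built just above are unused. A GSSAPI acceptor context is per connection, so each accepted socket needs its own `SecurityContext` driven by a recv/step/send loop, as sketched below; the accepted socket `c` is also never closed, leaking a descriptor per client. `kinit_res` and `klist_res` are assigned but never checked, so a failed keytab login still binds and serves, and `sys` is imported but unused. The same path concerns as sample/client.py apply here: `server/krb5.conf` and `server/hadoop.keytab` are deleted by this commit, and the cache and `KRB5_TRACE` files use fixed names under `/tmp` (`/tmp/krb5cc_hadoop_1000`, `/tmp/server.log`) where the removed `server/krb5.conf` used a `%{uid}`-templated cache name.
```python
while True:
    c, addr = s.accept()
    # one acceptor context per connection; the module-level server_ctx cannot be reused
    ctx = gssapi.SecurityContext(creds=creds, usage="accept")
    try:
        server_token = None
        while not ctx.complete:
            client_token = c.recv(65536)
            if not client_token:
                break
            server_token = ctx.step(client_token)
            if server_token:
                c.sendall(server_token)
        if ctx.complete:
            print("authenticated", addr)
        else:
            print("handshake incomplete", addr)
    finally:
        c.close()
```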
@@ -1,20 +0,0 @@
-[logging]
-default = FILE:/var/log/krb5libs.log
-kdc = FILE:/var/log/krb5kdc.log
-admin_server = FILE:/var/log/kadmind.log
-
-[libdefaults]
-default_realm = TEST.COM
-default_ccache_name = FILE:/tmp/krb5cc_hadoop_%{uid}
-dns_lookup_realm = false
-dns_lookup_kdc = false
-ticket_lifetime = 24h
-renew_lifetime = 7d
-forwardable = true
-
-[realms]
-TEST.COM = {
- kdc = krb5-kdc-server:88
- admin_server = krb5-kdc-server
-}
-