update #7
Binary file not shown.
@ -1,4 +0,0 @@
|
|||||||
PWD=$(pwd)
|
|
||||||
KRB5_CONFIG=${PWD}/client/krb5.conf
|
|
||||||
KRB5CCNAME=FILE:/tmp/krb5cc_cli_%{uid}
|
|
||||||
KRB5_CCNAME=FILE:/tmp/krb5cc_cli_%{uid}
|
|
@ -1,20 +0,0 @@
|
|||||||
[logging]
|
|
||||||
default = FILE:/var/log/krb5libs.log
|
|
||||||
kdc = FILE:/var/log/krb5kdc.log
|
|
||||||
admin_server = FILE:/var/log/kadmind.log
|
|
||||||
|
|
||||||
[libdefaults]
|
|
||||||
default_realm = TEST.COM
|
|
||||||
default_ccache_name = FILE:/tmp/krb5cc_cli_%{uid}
|
|
||||||
dns_lookup_realm = false
|
|
||||||
dns_lookup_kdc = false
|
|
||||||
ticket_lifetime = 24h
|
|
||||||
renew_lifetime = 7d
|
|
||||||
forwardable = true
|
|
||||||
|
|
||||||
[realms]
|
|
||||||
TEST.COM = {
|
|
||||||
kdc = krb5-kdc-server:88
|
|
||||||
admin_server = krb5-kdc-server
|
|
||||||
}
|
|
||||||
|
|
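--- a/sample/client.py
+++ b/sample/client.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+import os
+import subprocess
+import gssapi
+import sys
+import socket
+
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/client/krb5.conf"
+os.environ["KRB5CCNAME"] = "/tmp/krb5cc_cli_1000"
+os.environ["KRB5_KTNAME"] = curr_path + "/client/cli.keytab"
+os.environ["KRB5_TRACE"] = "/tmp/client.log"
+principal = "cli@TEST.COM"
+
+res = subprocess.call(["kinit", "-kt", "client/cli.keytab", principal])
+subprocess.call(["klist"])
+
+name = gssapi.Name(principal)
+
+server_token = None
+port = 12345
+s = socket.socket()
+host = "127.0.0.1"
+s.connect((host, port))
+rev = s.recv(1024)
+
+print(rev)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+client_ctx = gssapi.SecurityContext(name=cname, usage="initiate")
+while not client_ctx.complete:
+client_token = client_ctx.step(server_token)
+
+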
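Review bot: The `while not client_ctx.complete:` loop at the end of the file never sends `client_token` to the server and never updates `server_token`, so the security context cannot be established; a second `step(None)` will most likely raise or the loop will spin. `SecurityContext(name=cname, usage="initiate")` also passes the client's own principal `cli@TEST.COM`, but for an initiator `name` is the target service, so the client should name `server/hadoop.test.com` as server.py does. The tokens need to travel over the socket with explicit framing and a bounded length; the 4-byte length prefix below is an assumed framing, not something the page defines. Separately, `KRB5_TRACE` and `KRB5CCNAME` point at fixed file names under `/tmp`, which other local users can pre-create; a per-user directory with mode 0700 is the safer place, and the `kinit` return code in `res` should be checked before continuing.

```python
# … unchanged: environment setup, kinit/klist, socket connect, greeting recv …
target = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)
client_ctx = gssapi.SecurityContext(name=target, usage="initiate")
rfile = s.makefile("rb")
while not client_ctx.complete:
    client_token = client_ctx.step(server_token)
    if client_token:
        # assumed framing: 4-byte big-endian length, then the token
        s.sendall(len(client_token).to_bytes(4, "big") + client_token)
    if not client_ctx.complete:
        size = int.from_bytes(rfile.read(4), "big")
        if not 0 < size <= 65536:
            raise ValueError("bad token length from server")
        server_token = rfile.read(size)
```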
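--- a/sample/requirements.txt
+++ b/sample/requirements.txt
@@ -0,0 +1 @@
+libkrb5-dev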
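Review bot: `libkrb5-dev` is the Debian/Ubuntu name of the MIT Kerberos development headers, not a Python distribution, so `pip install -r sample/requirements.txt` will either fail or resolve whatever project happens to own that name on the package index. Both scripts in this commit import `gssapi`, so this file should list that package instead, ideally pinned as `gssapi==<PINNED_VERSION>` (placeholder, choose the version you tested). The system package belongs in the README or in the image build's `apt-get install` step.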
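--- a/sample/server.py
+++ b/sample/server.py
@@ -0,0 +1,39 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+import os
+import gssapi
+import sys
+import subprocess
+import socket
+
+# 设置环境变量
+principal = "server/hadoop.test.com@TEST.COM"
+curr_path = os.getcwd()
+os.environ["KRB5_CONFIG"] = curr_path + "/server/krb5.conf"
+os.environ["KRB5_KTNAME"] = curr_path + "/server/hadoop.keytab"
+os.environ["KRB5CCNAME"] = "/tmp/krb5cc_hadoop_1000"
+os.environ["KRB5_TRACE"] = "/tmp/server.log"
+
+kinit_res = subprocess.call(["kinit", "-kt", os.environ["KRB5_KTNAME"], principal])
+klist_res = subprocess.call(["klist"])
+name = gssapi.Name("server/hadoop.test.com", name_type=gssapi.NameType.kerberos_principal)
+cname = name.canonicalize(gssapi.MechType.kerberos)
+print(cname)
+
+s = socket.socket()
+host = "127.0.0.1"
+port = 12345
+
+s.bind((host, port))
+s.listen(1000)
+
+creds = gssapi.Credentials(usage="accept", name=cname)
+server_ctx = gssapi.SecurityContext(creds=creds, usage="accept")
+print(server_ctx)
+while True:
+c, addr = s.accept()
+print("client")
+c.send(b"no_auth")
+
+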
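Review bot: The accept loop answers every connection with `no_auth` and never calls `server_ctx.step()`, so no peer is ever authenticated even though acceptor credentials are acquired from the keytab. `server_ctx` is also created once before the loop, whereas a GSSAPI security context holds per-connection state and should be created for each accepted socket. The accepted socket `c` is never closed. Once the context completes, `server_ctx.initiator_name` should be checked against the principals allowed to use the service before any work is done for the client. The 4-byte length prefix below is an assumed framing and must match whatever the client sends.

```python
# … unchanged: environment setup, kinit/klist, bind/listen, creds …
while True:
    c, addr = s.accept()
    with c:
        c.send(b"no_auth")
        rfile = c.makefile("rb")
        server_ctx = gssapi.SecurityContext(creds=creds, usage="accept")
        while not server_ctx.complete:
            size = int.from_bytes(rfile.read(4), "big")
            if not 0 < size <= 65536:
                break
            reply = server_ctx.step(rfile.read(size))
            if reply:
                c.sendall(len(reply).to_bytes(4, "big") + reply)
        if server_ctx.complete:
            print("authenticated:", server_ctx.initiator_name)
```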
@ -1,4 +0,0 @@
|
|||||||
PWD=$(pwd)
|
|
||||||
export KRB5_CONFIG=${PWD}/server/krb5.conf
|
|
||||||
export KRB5CCNAME=/tmp/krb5cc_hadoop_1000
|
|
||||||
export KRB5_KTNAME=${PWD}/server/hadoop.keytab
|
|
Binary file not shown.
@ -1,20 +0,0 @@
|
|||||||
[logging]
|
|
||||||
default = FILE:/var/log/krb5libs.log
|
|
||||||
kdc = FILE:/var/log/krb5kdc.log
|
|
||||||
admin_server = FILE:/var/log/kadmind.log
|
|
||||||
|
|
||||||
[libdefaults]
|
|
||||||
default_realm = TEST.COM
|
|
||||||
default_ccache_name = FILE:/tmp/krb5cc_hadoop_%{uid}
|
|
||||||
dns_lookup_realm = false
|
|
||||||
dns_lookup_kdc = false
|
|
||||||
ticket_lifetime = 24h
|
|
||||||
renew_lifetime = 7d
|
|
||||||
forwardable = true
|
|
||||||
|
|
||||||
[realms]
|
|
||||||
TEST.COM = {
|
|
||||||
kdc = krb5-kdc-server:88
|
|
||||||
admin_server = krb5-kdc-server
|
|
||||||
}
|
|
||||||
|
|