ansible_freeipa_module: Better support for KRB5CCNAME environment variable

The use of gssapi.creds.Credentials is not good if krb5 ticket forwarding
is used. It will fail. gssapi.Credentials with usage and store is the proper
way to do this.
Thomas Woerner
2019-12-02 15:51:00 +01:00
parent 8da4b73b44
commit e77f4daaa9

@@ -50,10 +50,12 @@ def valid_creds(module, principal):
Get valid credintials matching the princial, try GSSAPI first
"""
if "KRB5CCNAME" in os.environ:
module.debug('KRB5CCNAME set to %s' %
os.environ.get('KRB5CCNAME', None))
ccache = os.environ["KRB5CCNAME"]
module.debug('KRB5CCNAME set to %s' % ccache)
try:
cred = gssapi.creds.Credentials()
cred = gssapi.Credentials(usage='initiate',
store={'ccache': ccache})
except gssapi.raw.misc.GSSError as e:
module.fail_json(msg='Failed to find default ccache: %s' % e)
else:
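Review bot: the fail_json message in the except branch still reads 'Failed to find default ccache', but the credentials are now acquired from the specific cache named in KRB5CCNAME through store={'ccache': ccache}, not from a default. Put the ccache value into the message so that a failure with a forwarded ticket points at the cache that was actually tried. The docstring context line above also has two typos ('credintials', 'princial') that could be fixed while this function is being touched.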