Closed Mirraz closed 6 years ago
Thanks again for your PR. I solved the conflicts and tested your modifications against the existing test cases locally.
Everything looked fine until I remembered something about why I ended up using _gss_acquirecred instead of _gss_krb5_importcred. With the former one, I'm able to use the GSS-SPNEGO mechanism (which eventually falls back to GSSAPI), but with _gss_krb5_importcred I receive the following error:
GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (SPNEGO cannot find mechanisms to negotiate)
I'm not familiar enough with GSSAPI or Kerberos to cope with this problem. I'm hoping you might have some idea about it.
Say we have joined multiple domains and have got a keytab for each domain. Then we merged these keytabs into one default keytab. Then, if we want to connect to any domain, we must specify the exact principal we want to use from the keytab, otherwise the first one will always be used. In this pull request I suggest this algorithm: if the auth mechanism is `GSSAPI` and `None` is passed as the password in `set_credentials()`, then it will attempt to acquire a GSS cred from the default keytab using `user` and `realm` as the principal.