Can't execute from git checkout

[atodorov]

$ ./gssapi-console.py -i
The krb5 environment is not supported by the GSSAPI console

pip freeze shows:

decorator==4.3.0
enum34==1.1.6
gssapi==1.5.1
k5test==0.9.2
six==1.11.0

I am trying to follow the steps from this blog post: https://mivehind.net/2017/11/06/kerberos-underworld/ and they seem to be exactly what I need but can't get the tool working.

[frozencemetery]

Hi, thanks for your interest!

What Kerberos implementation are you using here? The infrastructure only supports MIT. Maybe we should add a note about that...

[atodorov]

Yes, I have MIT Kerberos.

I did a setup.py install inside my virtualenv and it worked so I think the problem is with the entry_points but not sure what exactly.

[atodorov]

On a related note I was thinking that I can use this package to simulate kerberos environment for development and testing but it doesn't seem I can do this.

I was imagining that it would work similar to a virtenv wrapper.

Do you have any tips in this direction ?

[DirectXMan12]

It does, in fact, look like a setuptools/entry_point issue.

Basically, gssapi-console consists of two parts: the console logic, and the drivers. The console logic is responsible for setting up the REPL, calling out to the driver to create a new environment or "join" an existing console environment, setting up useful helper objects, and asking the driver to tear down environments.

The drivers are responsible for setting up self-contained installations of GSSAPI implementations, and are specified via entrypoints. Right now, there's only one driver (which is built in to gssapi-console) that calls out to k5test. k5test sets up a self-contained (more-or-less) MIT krb5 environment. It's running a KDC, etc, just configured to store all state and configurating in /tmp. This means that you get to test against an actual krb5 installation instead of a simulation, but you do have to have krb5 installed.

The weird part here is that the krb5 driver's entrypoint is specified in gssapi-console's setup.py (since the logic wrapping k5test ships with gssapi-console), so you shouldn't be failing to see the krb5 entrypoint (which is what prompts that message: https://github.com/pythongssapi/gssapi-console/blob/master/gssapi-console.py#L56)

[DirectXMan12]

@frozencemetery can you repro? @atodorov can you paste the set of commands that you ran here? Or provide a bash script to repro, or something?

[frozencemetery]

Crap. Yes, I can reproduce.

[frozencemetery]

pkgres.iter_entry_points('gssapi_console.drivers', name=PARSED_ARGS.mech) is a generator with no values. I don't know anything about pkg_resources; @DirectXMan12, do you know why it would be empty?

However, if I run python setup.py install, everything works - running either the installed version, or the local checkout. What does this do that we don't have done?

[DirectXMan12]

pkg_resources is a setuptools thing. Essentially, setuptools allows you to refer to package metadata -- for instance, if you want to provide a "hook" for other packages to register themselves with you, you use "entry points". There's other things you can refer to in pkg_resources, IIRC.

My conjecture is that pkg_resources pulls from metadata from installed packages, so if you don't install, it doesn't know how to get at that metadata. One workaround, IIRC, is to use pip install . --dev (don't remember if that's the exact flag name, but that's the gist of it), which "installs" your package with a bunch of symlinks so you're working off of the local checkout instead of copying to install.

@frozencemetery can you confirm that pip install . --dev works, and if so, we should add that to the README.