The lifetime argument passed to gssapi.Credentials is not respected, freshly-minted creds all come back with a lifetime of 86400.
I am presuming this is naive user error, but can't figure out how to generate credentials with a specific lifetime from python-gssapi. I can run kinit -l 100 to generate lifetime-specific credentials manually.
How do we reproduce?
import gssapi, os
cred = gssapi.Credentials(usage='initiate', store={'client_keytab': os.getenv('KRB5_KTNAME')}, lifetime=100)
print(cred.inquire().lifetime)
Component versions (python-gssapi, Kerberos, OS / distro, etc.)
All packages installed via conda-forge on Debian 11 under WSL:
$ uname -a
Linux WR14F6D8F62EF8 5.15.79.1-microsoft-standard-WSL2 #1 SMP Wed Nov 23 01:01:46 UTC 2022 x86_64 GNU/Linux
$ conda list "(python-gssapi|krb5)"
# packages in environment at /home/duncan/opt/mambaforge/envs/py311:
#
# Name Version Build Channel
krb5 1.20.1 h81ceb04_0 conda-forge
python-gssapi 1.8.2 py311ha54f867_2 conda-forge
What went wrong?
The
lifetime
argument passed togssapi.Credentials
is not respected, freshly-minted creds all come back with a lifetime of 86400.I am presuming this is naive user error, but can't figure out how to generate credentials with a specific lifetime from python-gssapi. I can run
kinit -l 100
to generate lifetime-specific credentials manually.How do we reproduce?
Component versions (python-gssapi, Kerberos, OS / distro, etc.)
All packages installed via conda-forge on Debian 11 under WSL: