pythongssapi / python-gssapi

A Python interface to RFC 2743/2744 (plus common extensions)
ISC License

lifetime argument not respected when initiating credentials #310

Closed by duncanmmacleod 1 year ago

duncanmmacleod commented 1 year ago

What went wrong?

The lifetime argument passed to gssapi.Credentials is not respected; freshly-minted creds all come back with a lifetime of 86400.

I am presuming this is naive user error, but can't figure out how to generate credentials with a specific lifetime from python-gssapi. I can run kinit -l 100 to generate lifetime-specific credentials manually.

How do we reproduce?

import gssapi, os
cred = gssapi.Credentials(usage='initiate', store={'client_keytab': os.getenv('KRB5_KTNAME')}, lifetime=100)
print(cred.inquire().lifetime)

Component versions (python-gssapi, Kerberos, OS / distro, etc.)

All packages installed via conda-forge on Debian 11 under WSL:

$ uname -a
Linux WR14F6D8F62EF8 5.15.79.1-microsoft-standard-WSL2 #1 SMP Wed Nov 23 01:01:46 UTC 2022 x86_64 GNU/Linux
$ conda list "(python-gssapi|krb5)"
# packages in environment at /home/duncan/opt/mambaforge/envs/py311:
#
# Name                    Version                   Build  Channel
krb5                      1.20.1               h81ceb04_0    conda-forge
python-gssapi             1.8.2           py311ha54f867_2    conda-forge