| |
@@ -30,11 +30,6 @@
|
| |
import koji.policy
|
| |
from koji.util import LazyDict, LazyValue, to_list
|
| |
|
| |
- try:
|
| |
- import krbV
|
| |
- except ImportError: # pragma: no cover
|
| |
- krbV = None
|
| |
-
|
| |
|
| |
def _(args):
|
| |
"""Stub function for translation"""
|
| |
@@ -51,14 +46,6 @@
|
| |
help=_("use alternate configuration file"))
|
| |
parser.add_option("--keytab", help=_("specify a Kerberos keytab to use"))
|
| |
parser.add_option("--principal", help=_("specify a Kerberos principal to use"))
|
| |
- parser.add_option("--krbservice", default="host",
|
| |
- help=_("the service name of the principal being used by the hub"))
|
| |
- parser.add_option("--krb-rdns", action="store_true", default=False,
|
| |
- help=_("get reverse dns FQDN for krb target"))
|
| |
- parser.add_option("--krb-canon-host", action="store_true", default=False,
|
| |
- help=_("get canonical hostname for krb target"))
|
| |
- parser.add_option("--krb-server-realm",
|
| |
- help=_("the realm of server Kerberos principal"))
|
| |
parser.add_option("--runas", metavar="USER",
|
| |
help=_("run as the specified user (requires special privileges)"))
|
| |
parser.add_option("--user", help=_("specify user"))
|
| |
@@ -137,10 +124,6 @@
|
| |
# name, alias, type
|
| |
['keytab', None, 'string'],
|
| |
['principal', None, 'string'],
|
| |
- ['krbservice', None, 'string'],
|
| |
- ['krb_rdns', None, 'boolean'],
|
| |
- ['krb_canon_host', None, 'boolean'],
|
| |
- ['krb_server_realm', None, 'string'],
|
| |
['runas', None, 'string'],
|
| |
['user', None, 'string'],
|
| |
['password', None, 'string'],
|
| |
@@ -368,18 +351,6 @@
|
| |
(ret, koji.API_VERSION)))
|
| |
|
| |
|
| |
- def has_krb_creds():
|
| |
- if krbV is None:
|
| |
- return False
|
| |
- try:
|
| |
- ctx = krbV.default_context()
|
| |
- ccache = ctx.default_ccache()
|
| |
- ccache.principal()
|
| |
- return True
|
| |
- except krbV.Krb5Error:
|
| |
- return False
|
| |
-
|
| |
-
|
| |
def activate_session(session):
|
| |
"""Test and login the session is applicable"""
|
| |
global options
|
| |
@@ -392,17 +363,9 @@
|
| |
elif options.user:
|
| |
# authenticate using user/password
|
| |
session.login()
|
| |
- elif has_krb_creds() or (options.keytab and options.principal):
|
| |
- try:
|
| |
- if options.keytab and options.principal:
|
| |
- session.krb_login(principal=options.principal, keytab=options.keytab,
|
| |
- proxyuser=options.runas)
|
| |
- else:
|
| |
- session.krb_login(proxyuser=options.runas)
|
| |
- except krbV.Krb5Error as e:
|
| |
- error(_("Kerberos authentication failed: %s (%s)") % (e.args[1], e.args[0]))
|
| |
- except socket.error as e:
|
| |
- warn(_("Could not connect to Kerberos authentication service: '%s'") % e.args[1])
|
| |
+ elif koji.requests_kerberos:
|
| |
+ session.gssapi_login(principal=options.principal, keytab=options.keytab,
|
| |
+ proxyuser=options.runas)
|
| |
if not options.noauth and not session.logged_in:
|
| |
error(_("Error: unable to log in, no authentication methods available"))
|
| |
ensure_connection(session)
|
| |
Fixes: https://pagure.io/koji/issue/2143