From 5875081bb68ef32150308a260d8c794598d46c0a Mon Sep 17 00:00:00 2001
From: William Brown
Date: Nov 25 2015 02:55:04 +0000
Subject: Finished gssapi with cred destruction
---
diff --git a/RESTfulLDAP.py b/RESTfulLDAP.py
index fc49dc9..90689ad 100644
--- a/RESTfulLDAP.py
+++ b/RESTfulLDAP.py
@@ -1,4 +1,5 @@
 import ldap
+import ldap.sasl
 import socket
 from lib389 import DirSrv
 from lib389._constants import *
@@ -53,7 +54,8 @@ def getConnection(binddn='', password='', saslmethod=None):
 def _negotiate_start(req):
 # We need a better way to specify the keytab.
 # configuration file perhaps ....
- svc_princ = gssnames.Name('HTTP/ldapkdc.example.com@EXAMPLE.COM')
+ # is there a way to determine the realm easily ... ?
+ svc_princ = gssnames.Name('HTTP/%s@EXAMPLE.COM'% (socket.gethostname()))
 server_creds = gsscreds.Credentials(usage='accept', name=svc_princ)
 context = gssctx.SecurityContext(creds=server_creds)
 # Yay! Undocumented gssapi magic. No indication that you need to b64 decode.
@@ -74,7 +76,9 @@ def _negotiate_end(context):
 # We still need to destroy the creds though if WE set them.
 # When we throw away the gss context, this memory cred is destroyed
 # but there is no way in python-gssapi to free gss_cred_id_t
- pass
+ deleg_creds = context.delegated_creds
+ del(deleg_creds)
+ #del(context)
 def _connection(f, *args, **kwargs):
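Review bot: `socket.gethostname()` in the new `svc_princ` line may return a short or locally configured name rather than the fully qualified name clients request a ticket for, so the acceptor can end up asking for a principal that is not in the keytab. The realm is also still hard-coded to `EXAMPLE.COM`. Reading the service principal from configuration would be the most predictable fix. Alternatively a host-based name such as `gssnames.Name('HTTP@%s' % socket.getfqdn(), name_type=gssapi.NameType.hostbased_service)` lets the library supply the realm, which answers the question in the added comment; this assumes `gssapi` itself is importable here, which the hunk does not show. The body of `_negotiate_start` continues outside the hunk.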
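Review bot: The added `del(deleg_creds)` in `_negotiate_end` only unbinds the local name, so no credential is released here. `context.delegated_creds` presumably still holds the same object, which would keep the client's delegated credential alive for as long as any reference to `context` exists. The commented-out `#del(context)` would likewise only unbind the parameter, so it is better removed than left as a hint. I would replace the three added lines with a comment stating the real contract, e.g. `# delegated creds are released only when the last reference to context is dropped; callers must not keep context after the request`, and make the caller drop its reference. The `def` line of `_negotiate_end` is above the hunk, so how callers hold `context` is not visible here.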