Use Popen instead of popeni for kinit

popeni is mad hacks for talking to e.g. kadmin and using a pseudo-terminal. When using kinit with a keytab, a pipe will suffice.
2007-12-05 23:32:39 -05:00 · 2007-12-05 23:32:39 -05:00 · 3c9bb06f99
parent 6c0f2227bd
commit 3c9bb06f99
1 changed files with 7 additions and 6 deletions
--- a/pylib/csc/backends/ldapi.py
+++ b/pylib/csc/backends/ldapi.py
@ -13,7 +13,8 @@ have an LDAP entry, even if the account does not log in directly.
 This module makes use of python-ldap, a Python module with bindings
 to libldap, OpenLDAP's native C client library.
 """
-import ldap.modlist, ipc, os
+import ldap.modlist
+from subprocess import Popen, PIPE


 class LDAPException(Exception):
@ -673,12 +674,12 @@ class Sasl:

        if mech == 'GSSAPI':
            type, arg = password
-            kinit = '/usr/bin/kinit'
-            kinit_args = [ 'kinit', '%s@%s' % (userid, realm) ]
+            kinit_args = [ '/usr/bin/kinit', '%s@%s' % (userid, realm) ]
            if type == 'keytab':
-                kinit_args += [ '-k', '-t', arg ]
-            pid, kinit_out, kinit_in = ipc.popeni(kinit, kinit_args)
-            os.waitpid(pid, 0)
+                kinit_args += [ '-kt', arg ]
+
+            kinit = Popen(kinit_args, stdin=PIPE, stdout=PIPE, stderr=PIPE)
+            kinit.wait()

    def callback(self, id, challenge, prompt, defresult):
        if id == self.CB_USER: