45 lines
1.3 KiB
Python
45 lines
1.3 KiB
Python
|
import os
|
||
|
|
import subprocess
|
||
|
|
|
||
|
|
from zope import component
|
||
|
|
from zope.interface import implementer
|
||
|
|
|
||
|
|
from ceo_common.interfaces import IKerberosService
|
||
|
|
from ceo_common.interfaces import IConfig
|
||
|
|
|
||
|
|
|
||
|
|
@implementer(IKerberosService)
|
||
|
|
class KerberosService:
|
||
|
|
def __init__(self):
|
||
|
|
cfg = component.getUtility(IConfig)
|
||
|
|
self.admin_principal = cfg.get('ldap_admin_principal')
|
||
|
|
|
||
|
|
cache_file = '/run/ceod/krb5_cache'
|
||
|
|
os.makedirs('/run/ceod', exist_ok=True)
|
||
|
|
os.putenv('KRB5CCNAME', 'FILE:' + cache_file)
|
||
|
|
self.kinit()
|
||
|
|
|
||
|
|
def kinit(self):
|
||
|
|
subprocess.run(['kinit', '-k', 'ceod/admin'], check=True)
|
||
|
|
|
||
|
|
def addprinc(self, principal: str, password: str):
|
||
|
|
subprocess.run([
|
||
|
|
'kadmin', '-k', '-p', self.admin_principal, 'addprinc',
|
||
|
|
'-pw', password,
|
||
|
|
'-policy', 'default',
|
||
|
|
'+needchange',
|
||
|
|
principal
|
||
|
|
], check=True)
|
||
|
|
|
||
|
|
def change_password(self, principal: str, password: str):
|
||
|
|
subprocess.run([
|
||
|
|
'kadmin', '-k', '-p', self.admin_principal, 'cpw',
|
||
|
|
'-pw', password,
|
||
|
|
principal
|
||
|
|
], check=True)
|
||
|
|
subprocess.run([
|
||
|
|
'kadmin', '-k', '-p', self.admin_principal, 'modprinc',
|
||
|
|
'+needchange',
|
||
|
|
principal
|
||
|
|
], check=True)
|