25 lines
607 B
Python
25 lines
607 B
Python
import subprocess
|
|
|
|
import gssapi
|
|
|
|
|
|
def krb_check():
|
|
"""
|
|
Spawns a `kinit` process if no credentials are available or the
|
|
credentials have expired.
|
|
Returns the principal string 'user@REALM'.
|
|
"""
|
|
for _ in range(2):
|
|
try:
|
|
creds = gssapi.Credentials(usage='initiate')
|
|
result = creds.inquire()
|
|
return str(result.name)
|
|
except (gssapi.raw.misc.GSSError, gssapi.raw.exceptions.ExpiredCredentialsError):
|
|
kinit()
|
|
|
|
raise Exception('could not acquire GSSAPI credentials')
|
|
|
|
|
|
def kinit():
|
|
subprocess.run(['kinit'], check=True)
|