[32014] in Kerberos
Re: programatic translation of authentication names to local names
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Wed Feb 3 23:55:49 2010
From: Ken Raeburn <raeburn@mit.edu>
In-Reply-To: <1008729D-0F33-4BD5-ADD4-BBB7160B9EBD@apache.org>
Date: Wed, 3 Feb 2010 23:55:26 -0500
Message-Id: <BC003EB7-4D3F-4073-A1AD-6C3AF2B4A639@mit.edu>
To: "Owen O'Malley" <omalley@apache.org>
Cc: kerberos@mit.edu
On Feb 3, 2010, at 21:40, Owen O'Malley wrote:
> We're adding Kerberos security to Apache Hadoop (hadoop.apache.org),
> which is an open source petabyte-scale distributed file system and
> MapReduce implementation. Since MapReduce includes running
> distributed jobs, we need to map the authenticated names to local OS
> names. Within Kerberos this seems to be done by
> krb5_aname_to_localname. Unfortunately, that method doesn't seem to be
> exported via a public API or a CLI tool.
Looking at the 1.7.1 source tarball, I do see krb5_aname_to_localname in
the symbol export list file that should get used to build the library.
Are you unable to link against it on some system?
You are correct that no CLI tool is shipped for examining the mapping.
Perhaps you can do something with the attached, rather hastily written
script (assuming it doesn't get stripped out by the mail server).
Ken
-- 
Ken Raeburn / raeburn@mit.edu / no longer at MIT Kerberos Consortium
[Attachment: aname.py]
from ctypes import *
import sys

libkrb5 = cdll.LoadLibrary("libkrb5.so.3")
# ctypes passes C strings as bytes
princname = b"raeburn@ATHENA.MIT.EDU"

def fatal(err, what):
    # Report the library's message for an error code, then exit.
    msg = "error " + str(err)
    get_msg = libkrb5.krb5_get_error_message
    get_msg.argtypes = [c_void_p, c_int]
    get_msg.restype = c_char_p
    if ctx:
        msg = msg + " (" + get_msg(ctx, err).decode() + ")"
    print(msg, what)
    sys.exit(1)

# Create the library context.
ctx = c_void_p()
init = libkrb5.krb5_init_context
init.argtypes = [POINTER(c_void_p)]
ret = init(byref(ctx))
if ret:
    fatal(ret, "initializing")

# Parse the principal name into a krb5_principal.
princ = c_void_p()
parse = libkrb5.krb5_parse_name
parse.argtypes = [c_void_p, c_char_p, POINTER(c_void_p)]
ret = parse(ctx, princname, byref(princ))
if ret:
    fatal(ret, "parsing")

# Map the principal to a local name; the length argument is 300.
local = libkrb5.krb5_aname_to_localname
local.argtypes = [c_void_p, c_void_p, c_int, c_char_p]
buf = create_string_buffer(b'a' * 300)
ret = local(ctx, princ, 300, buf)
if ret:
    fatal(ret, "making local")
print("local name = '" + buf.value.decode() + "'")
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
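
Added example, not part of the original message, the attached script or MIT krb5: a simplified pure-Python model of the auth_to_local rules that krb5_aname_to_localname consults, for checking offline which principals a rule set would map to a local account. The supported rule subset, the helper names and the sample principals and realms are assumptions constructed for illustration; the library uses POSIX regular expressions and remains authoritative.

```python
import re
# Simplified auth_to_local subset (assumed): DEFAULT, RULE:[n:format](regexp)s/pat/repl/g
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g?))?$")
# Constructed sample data, not taken from the thread.
PRINCIPALS = ["alice@EXAMPLE.COM", "hdfs/nn1@EXAMPLE.COM", "hdfs/nn1@OTHER.TEST"]
LOOSE = ["RULE:[2:$1](hdfs)s/.*/hadoop/", "DEFAULT"]  # never looks at the realm
STRICT = ["RULE:[2:$1@$0](hdfs@EXAMPLE\\.COM)s/.*/hadoop/", "DEFAULT"]  # pins $0

def split_principal(name):
    """Split 'c1/c2@REALM' into (components, realm); escapes are not handled."""
    body, at, realm = name.rpartition("@")
    if not (at and body and realm):
        raise ValueError("expected name@REALM: " + name)
    return body.split("/"), realm

def apply_rule(rule, comps, realm, default_realm):
    """Return the local name one rule produces, or None if it does not apply."""
    if rule == "DEFAULT":
        # Single-component principals in the default realm map to themselves.
        return comps[0] if len(comps) == 1 and realm == default_realm else None
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unsupported rule: " + rule)
    n, fmt, regexp, pat, repl, glob = m.groups()
    if int(n) != len(comps):
        return None
    fields = [realm] + comps  # $0 is the realm, $1..$n are the components
    selected = re.sub(r"\$(\d)", lambda d: fields[int(d.group(1))], fmt)
    if regexp is not None and not re.fullmatch(regexp, selected):
        return None  # the regexp has to match the whole selection string
    if pat is not None:
        selected = re.sub(pat, repl, selected, count=0 if glob else 1)
    return selected

def aname_to_localname(principal, rules, default_realm):
    """Try rules in order; the first that applies wins. None = no translation."""
    comps, realm = split_principal(principal)
    for rule in rules:
        local = apply_rule(rule, comps, realm, default_realm)
        if local is not None:
            return local
    return None

def foreign_mappings(principals, rules, default_realm):
    """Audit helper: principals outside default_realm that still get a local name."""
    out = [(p, aname_to_localname(p, rules, default_realm)) for p in principals
           if split_principal(p)[1] != default_realm]
    return [(p, local) for p, local in out if local is not None]
```

Running foreign_mappings over the LOOSE and STRICT rule sets shows the difference: a rule whose format omits $0 maps a same-named principal from any realm to the local account, while the realm-pinned rule does not.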