-
Notifications
You must be signed in to change notification settings - Fork 101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to kerberos instead of pykerberos #63
Comments
@toabctl The switch to PyKerberos was required because of limited support for Python 3 in the Kerberos library for a long time. However, we can safely switch back. |
@Lukasa So py3 support is now good in kerberos? Should I prepare a PR ? |
I believe it is, yes. |
@rbcarson hm. so are you saying that we should stay with pykerberos? And is it just changing the requirements.txt line or is there more todo for a switch? |
@toabctl I have no preference. Are you able to test the change? We don't have any automated tests against a real server. In addition to requirements.txt, it's also listed in setup.py's |
Apple is developing the kerberos package again. They just did a release on pypi in January. It appears to fully support python 3 now. |
Scratch that. You can't currently switch to Apple's kerberos module. The context object it creates has to be explicitly freed by calling authGSSClientClean when you are done with it. Sadly, that causes issues under python 3.x: |
Note #76 from yesterday, in which Apple's Kerberos 1.2.4 has a bug involving the explicit principal support that was recently added to requests-kerberos (it would have been possible to avoid the issue with some refactoring requests-kerberos in though). |
Is there any open issue against Apple's Kerberos for the problem observed in #76? |
Not that I know of, though their issue tracker is tricky to dig through. I don't think it's fixed in trunk. |
Okay I filed: https://www.calendarserver.org/ticket/942 |
Just be careful not to switch to a kerberos/gssapi object that does not fully support the GSSAPI standards. Using one that just does a subset does everyone a great disservice. |
apple/ccs-pykerberos#49 (https://www.calendarserver.org/ticket/942) was merged in apple/ccs-pykerberos#52 and the fix is in 1.2.5. Nothing blocking the change then? |
I've sent two pull requests to ccs-pykerberos that, once merged, would allow requests-kerberos to switch with no code changes. |
With the release of ccs-pykerberos 1.3.0 this change should be unblocked. |
Has a decision been made? Is |
Can this be revisited? Today I observed both My requirements.txt contains:
Given that it seems like I suppose I can remove |
The same one, or conflicting ones? |
Did that include apple/ccs-pykerberos#70 as you noted was needed in #97? |
Hi @Lukasa, interested in this too. Anything we can do to help make progress? |
It seems that right now |
Ultimately both kerberos and pykerberos are old projects and should be avoided where possible. If you are running on Linux I highly recommend you use requests-gssapi which uses a similar API to this library but is based on the newer and definitely maintained gssapi project. |
This library will use pyspnego in the upcoming |
Distributions (openSUSE, Debian, Ubuntu, Fedora) already ship python-kerberos but nobody ships python-pykerberos . And both have the same kerberos.so so they are not installable in parallel.
Can you please switch to kerberos (from pypi) instead of using pykerberos? Looks anyway that pykerberos is just a fork of kerberos. Or am I missing something?
The text was updated successfully, but these errors were encountered: