I'm wondering - if anyone has an elegant solution to checking for a valid Kerberos ticket using Python. I'm not seeing anyway with kinit or klist that will show if a ticket is expired with a return code but I could run klist and use a regex for the output .
Add a comment |
2 Answers
Another option is to check exit status of 'klist -s' looks shorter and does not use krbV:
import subprocess def has_kerberos_ticket(): return True if subprocess.call(['klist', '-s']) == 0 else False 
You've got two options: the first is to use 'klist -s' and check the return code. The nicer option is to use the python-krbV module:
import krbV def has_ticket(): ''' Checks to see if the user has a valid ticket. ''' ctx = krbV.default_context() cc = ctx.default_ccache() try: princ = cc.principal() retval = True except krbV.Krb5Error: retval = False return retval 
1 Comment
Richard E. Silverman
Note that these are not equivalent: klist -s also exits non-zero if there is a ccache with a TGT, but the TGT has expired. The krbV code above does not check whether the ticket has expired; only that there is a ccache at all (by reading the default principal from it). And, the OP specifically asked about ticket expiration.