nextuppreviouscontents
Next: 1.1 Kerberos Principals Up: Using Kerberos from Python Previous: Contents

1. Extension Module krb5

 

The krb5 module provides Kerberos V5 services to Python. The detailed Kerberos API is hidden behind a more intelligible API that can be used from Python. Understanding Kerberos is required before this module can be used effectively.

Only two objects really need to be exposed to the Python programmer: the Principal and the Authentication Context. The Authentication Context comes in two varieties, one for use with UDP-based channels and another for TCP connections. The API for the TCP variety is a superset of the API for the UDP flavor.

For all krb5 operations, a single exception has been defined:

Krb5Error
Raised when a Kerberos-specific error is raised. Instances have two attributes: err_code is the numeric error code returned by the Kerberos library, and message is the standard error message provided by the error_message() function used within Kerberos. These values may also be retrieved by unpacking the exception instance: 

try:
    krb5.send_auth(...)
except krb5.Krb5Error, (err_code, message):
    print "Failed:", message

Some Krb5Error exceptions are raised with an err_code of 0; these are not a mistake! These are real errors which don't have specific error code assignments from Kerberos. The message attribute holds an explanation in all cases.

Note that socket.error may be raised by some functions and methods if appropriate.

nextuppreviouscontents
Next: 1.1 Kerberos Principals Up: Using Kerberos from Python Previous: Contents