The krb5 module provides Kerberos V5 services to Python. The detailed Kerberos API is hidden behind a more intelligible API that can be used from Python. Understanding Kerberos is required before this module can be used effectively.
Only two objects really need to be exposed to the Python programmer: the Principal and the Authentication Context. The Authentication Context comes in two varieties, one for use with UDP-based channels and another for TCP connections. The API for the TCP variety is a superset of the API for the UDP flavor.
For all krb5 operations, a single exception has been defined:
try: krb5.send_auth(...) except krb5.Krb5Error, (err_code, message): print "Failed:", message
Some Krb5Error exceptions are raised with an err_code of 0; these are not a mistake! These are real errors which don't have specific error code assignments from Kerberos. The message attribute holds an explanation in all cases.
Note that socket.error may be raised by some functions and methods if appropriate.