Talking to FreeIPA with python-requests

The code that Rich M gave me a while back has bit rotted. At some point, I need to get an updated version, but until then, I can continue to talk to the FreeIPA server using Python and the Requests library. In the future, I can get a session cookie, but for now, python3-request-gssapi will work to authenticate me, provided I have a valid TGT.

I pulled the requests-gssapi library from Koji, as it does not currently ship in any of the RHEL8 repos. Here is the one I installed.

https://koji.fedoraproject.org/koji/buildinfo?buildID=1371255

Note that this quick-and-dirty code runs on the IPA server itself. A better approach would be to read the Server name out of /etc/ipa/default.conf.

#!/bin/python3
import requests
from requests_gssapi import HTTPSPNEGOAuth
import socket
hostname = socket.gethostname()
url = "https://%s/ipa/json" % hostname
referer =  "https://%s/ipa" % hostname
body = {"method":"user_find","params":[[""],{}],"id":0}
 
r = requests.post(url,
                  json = body,
                  auth=HTTPSPNEGOAuth(),
                  headers = {
                    'Content-Type': 'application/json',
                    'Accept': 'applicaton/json',
                    'referer': referer})
print(r.status_code)
if r.status_code  == 200:
    print(r.text)

Using mod_auth_gssapi via Podman

Kerberos is a cryptographically secure authentication mechanism in use in many large organizations. Developers may want to make their applications work with Kerberos while developing inside containers. Here is a quick proof-of-concept that shows how to set up a container to work with mod_auth_gssapi., the Apache module that makes use of Kerberos.

Continue reading

Running OpenStack components on RHEL with Software Collections

The Python world has long since embraced Python3.  However, the stability guarantees of RHEL have limited it to Python2.7 as the base OS.  Now that I am running RHEL on my laptop, I have to find a way to work with Python 3.5 in order to contribute to OpenStack.  To further constrain myself, I do not want to “pollute” the installed python modules by using PIP to mix and match between upstream and downstream.  The solution is the Software Collections version of Python 3.5.  Here’s how I got it to work.

Continue reading