diff -rup koji-1.14.0.orig/koji/__init__.py koji-1.14.0/koji/__init__.py --- koji-1.14.0.orig/koji/__init__.py 2017-09-25 19:37:51.000000000 +0000 +++ koji-1.14.0/koji/__init__.py 2017-12-04 17:44:04.774853630 +0000 @@ -23,6 +23,7 @@ from __future__ import absolute_import +import copy import sys from six.moves import range from six.moves import zip @@ -2116,16 +2117,15 @@ class ClientSession(object): principal. The principal must be in the "ProxyPrincipals" list on the server side.""" - if principal is None and keytab is None and ccache is None: - try: - # Silently try GSSAPI first - if self.gssapi_login(proxyuser=proxyuser): - return True - except: - if krbV: - pass - else: - raise + try: + # Silently try GSSAPI first + if self.gssapi_login(principal, keytab, ccache, proxyuser=proxyuser): + return True + except: + if krbV: + pass + else: + raise if not krbV: raise PythonImportError( @@ -2203,7 +2203,7 @@ class ClientSession(object): return '%s/%s@%s' % (service, servername, realm) - def gssapi_login(self, proxyuser=None): + def gssapi_login(self, principal=None, keytab=None, ccache=None, proxyuser=None): if not HTTPKerberosAuth: raise PythonImportError( "Please install python-requests-kerberos to use GSSAPI." @@ -2220,10 +2220,18 @@ class ClientSession(object): # 60 second timeout during login sinfo = None + old_env = copy.copy(os.environ) old_opts = self.opts self.opts = old_opts.copy() self.opts['timeout'] = 60 - self.opts['auth'] = HTTPKerberosAuth() + kwargs = {} + if keytab: + os.environ['KRB5_CLIENT_KTNAME'] = keytab + if ccache: + os.environ['KRB5CCNAME'] = ccache + if principal: + kwargs['principal'] = principal + self.opts['auth'] = HTTPKerberosAuth(**kwargs) try: try: # Depending on the server configuration, we might not be able to @@ -2235,6 +2243,7 @@ class ClientSession(object): self.baseurl = old_baseurl finally: self.opts = old_opts + os.environ = old_env if not sinfo: raise AuthError('unable to obtain a session') Only in koji-1.14.0/koji: __init__.py.orig