On Mon, Aug 15, 2005 at 03:46:31PM -0500, [EMAIL PROTECTED] wrote: > Thanks for setting me straight. So, I'm unclear on whether LDAP > authentication actually uses Kerberos in some underlying way > (via SASL), or whether it actually sends the password across the > network. Maybe I'm barking up the wrong tree by trying to use LDAP.
LDAP uses SASL which uses GSSAPI which uses Kerberos (I think :). In several of these cases, the path you're following is one of several plugins. I had a lot of trouble getting SASL binding to work from Python, at least on Linux, when I tried it a year ago. Your best bet may be to simply wrap kinit (to get a TGT) and ldapsearch with Python. You can see my eventual script (in Perl, not Python, because I couldn't get any Python module to do what I wanted) for doing a Kerberized LDAP search against Active Directory; there are Perl Kerberos bindings, I think, but I didn't bother using them, I just exec'ed kinit. <http://njr.pycs.net/weblog/2004/06/03.html#P28> -- Nicholas Riley <[EMAIL PROTECTED]> | <http://www.uiuc.edu/ph/www/njriley> _______________________________________________ Pythonmac-SIG maillist - Pythonmac-SIG@python.org http://mail.python.org/mailman/listinfo/pythonmac-sig
