Colors of Noise

agx@sigxcpu.org

krb5-auth-dialog: DBUS signals and plugins
3rd May 2010

Krb5-auth-dialog now sends DBus signals when you acquire or renew your Kerberos ticket granting ticket and when the ticket expires. When using OpenAFS This can e.g. be used to trigger a call to aklog on ticket renewal. It's simple to catch the DBus signals from a Python script:

import dbus
bus = dbus.SessionBus()
bus.add_signal_receiver(tgt_renewed_handler, dbus_interface = "org.gnome.KrbAuthDialog", signal_name = "krb_tgt_renewed")
bus.add_signal_receiver(tgt_acquired_handler, dbus_interface = "org.gnome.KrbAuthDialog", signal_name = "krb_tgt_acquired")
bus.add_signal_receiver(tgt_expired_handler, dbus_interface = "org.gnome.KrbAuthDialog", signal_name = "krb_tgt_expired")

The tgt_*_handler will then be called when the signal is received. The shipped Python example allows to execute a script already:

tgt-signals.py -q --acquired-action=aklog --renewed-action=aklog

Krb5-auth-dialog also got a plugin system so you could use a loadable module for these kind of things instead. It already ships a PAM plugin that can be used to run some typical actions like calling pam-afs-session or getting kx509 set up.

You need to tell krb5-auth-dialog which plugins to load via gconf. To load the dummy and PAM plugins use:

gconftool-2 --set --list-type=string --type=list /apps/krb5-auth-dialog/plugins/enabled [pam,dummy]

Since I'm not using AFS or kx509 myself I'd be interested to know if this works out as expected.

If you want to write your one plugins you can use the dummy plugin as a basis.

A package with the above enabled has been uploaded to Debian experimental.

Tags: debian, gnome, single-sign-on.

RSS feed