Python, Kerberos and ticket forwarding ..... please help

message adams message.adams at
Mon Jul 22 04:49:44 EDT 2013

Hi all;

Over a number of weeks now I've been trying to set up a demonstration, to
show MIT Kerberos working between a number of machines. Unfortunately this
Friday (26th) I'm scheduled to give a presentation, but I'm missing one
last vital component - ticket forwarding.

My basic set up is:
  Redhat 6
  MIT 5
  Python 2.7.x
  client's ticket is already configured as F 'forwardable'

Using the Python MIT wrapper ( I've
successfully created clients and a Tornado server - and can happily
demonstrate authentication between the two end points. My goal, however, is
to use ticket forwarding, I.e.

client -> web server -> service

... where the "web server" authenticates the client, and then forwards the
client's credentials onto the 'service'. The service then authenticates
against the original client's credentials and returns data if user
is appropriately authorised.

Maybe I've looked in all the wrong places, but after weeks of searching, I
just cannot find any examples or discussions, describing how to forward the
client's credentials?

As time was running out, as a last resort I thought I'd throw the question
out to the experts (you guys:-). I know you are all busy, but I would
really appreciate any guidance, or ideally some example code, to
demonstrate how the Python Kerberos wrapper can be used to forward a
client's ticket. (Note - the client's ticket is already configured as F

Any help would be gratefully received. All the very best,

More information about the krbdev mailing list