Custom kinit python

Greg Hudson ghudson at
Thu Sep 4 11:54:24 EDT 2014

On 09/04/2014 03:37 AM, Peter Mogensen wrote:
> Doing a Python version will require first to decide whether you want to 
> build the whole ASN.1/crypto handling protocol stuff in Python starting 
> from RFC 3961/3962/4120 or you want to only code the actual cmd-line 
> tool and use a python wrapper around libkrb5 (or some other Kerberos 
> library) to do the actual protocol stuff.

In terms of pure Python implementations, I'm aware of two partial

* Marc Horowitz's pykrb5 at  This has kinit/klist/kdestroy/kvno
equivalents, but only supports DES and 3DES crypto.  pykrb5 uses pyasn1
and pyDes.

* My own pyk5 at  This isn't likely
evolve into anything user-facing as it's designed for eventual use in
the MIT krb5 test suite, and right now it doesn't have anything besides
RFC 3961 crypto and ASN.1 encoding.  But the crypto does have support
for modern enctypes.  pyk5 pyasn1 and PyCrypto.

Using bindings as Peter suggested is probably more practical right now,
depending on your needs.

More information about the krbdev mailing list