I am wondering if anyone has an elegant solution to validate a valid Kerberos ticket using Python. In any case, I donβt see a kinit or klist that will show if the ticket with the return code has expired, but I could run klist and use the regex for output.
kinit
klist
You have two options: the first is to use "klist -s" and check the return code. A more pleasant option is to use the python-krbV module :
import krbV def has_ticket(): ''' Checks to see if the user has a valid ticket. ''' ctx = krbV.default_context() cc = ctx.default_ccache() try: princ = cc.principal() retval = True except krbV.Krb5Error: retval = False return retval
Another option is to check the exit status of the list 'klist -s' looks shorter and does not use krbV:
import subprocess def has_kerberos_ticket(): return True if subprocess.call(['klist', '-s']) == 0 else False