SoFunction
Updated on 2024-11-21

Python implementation of Kerberos user addition, deletion and modification operations

1, first simulate python similar shell command line operation interface:

python install subprocess (local), paramiko (SSH remote)

#-*- coding: UTF-8 -*-
#!/usr/bin/python
import os, sys
import subprocess
import paramiko
import settings
 
class RunCmd(object):
 def __init__(self):
   = 'ls'
 
 @staticmethod
 def local_run(cmd):
  print('start executing...')
  print('cmd is -------> %s' % str(cmd))
  s = (str(cmd), shell=True, stdin=, stdout=, stderr=)
  out, err = ()
  print("outinfo is -------> %s" % out)
  print("errinfo is -------> %s" % err)
  print('finish executing...')
  print('result:------> %s' % )
  return 
 
 @staticmethod
 def remote_run(host, username, password, port, cmd):
  client = ()
  client.set_missing_host_key_policy(())
  (hostname=host, port=int(port), username=username, password=password, timeout=5)
  stdin, stdout, stderr = client.exec_command(cmd)
  result = ()
  ()
  return result
 
 @staticmethod
 def krb_run(cmd):
  print('krb_run start...')
  print('cmd is -------> %s' % str(cmd))
  result = RunCmd.remote_run(settings.KRB_HOST, , , , cmd)
  print('result:------> %s' % result)
  print('krb_run finish...')
  return result

2, Kerberos commonly used command operations encapsulated into an interface, other simple. But the need to interact is to delete principal

 def delete_user(self, username):
  cmd = r"""
   expect -c "
   set timeout 1;
   spawn  -q \"delete_principal {principal}\" ;
   expect yes/no {{ send \"yes\r\" }} ;
   expect *\r
   expect \r
   expect eof
   "
  """.format(principal=username)
  RunCmd.krb_run(cmd)

Additional knowledge: python manipulation of hive libraries with Kerberos certification

Previously accessing hive was relatively simple, just connect directly with pyhive.

But recently ran into a problem with hive having Kerberosren certification.

Eventually, after various attempts and bursts of inspiration, I finally solved the problem, so I recorded it.

coding

from  import connect
con = connect(host='XXXX',port=10000,auth='KERBEROS',kerberos_service_name="hive")
cursor = ()
('select * from tmp.pricing_calculate_result_spark where time_ limit 10,1')
datas = ()
print(datas)
()
()

Change the port and ip to your own, and leave auth and kerberos_service_name unchanged.

operational effect

The above is a personal experience, I hope it can give you a reference, and I hope you can support me more. If there is any mistake or something that has not been fully considered, please do not hesitate to advise me.