diff --git a/Script/CastorScript.py b/Script/CastorScript.py index bd397dd52deb9506edea888e25fce39f5f3dee70..577c6cd2ddd8dc34067d92cd873049fdff4f09ba 100755 --- a/Script/CastorScript.py +++ b/Script/CastorScript.py @@ -21,6 +21,7 @@ from time import time import threading import os.path from os import environ, getenv, umask +import datetime import signal import logging, logging.handlers from utils import set_log_level,formatter @@ -193,10 +194,16 @@ def main(conf): if conf.ERSenabled: check.start() logger.info('Manager,Copy, Delete and Check Threads started') + + ##### Setup Kerberos if needed ##### + if conf.keytab: + + krb_setcache(conf.krbcache,logger) + krb_exp = krb_updatetoken(conf.keytab, conf.krbuser, logger) ##### Every DBTimeout check if connection to Oracle database is still good ##### while not exitFlag: - #signal.pause() + logger.info('Check for connection to Metadata Database') #Keep always a fresh connection @@ -215,6 +222,7 @@ def main(conf): db = checkDB(db,logger,dblogger,parser) event.wait(DBTimeout) + ##### If update signal, update configuration ##### if confFlag: conf = Conf.Conf(sys.argv[1]) @@ -233,7 +241,12 @@ def main(conf): logger.info('Configuration updated') # end if - + # Update KRB token, if needed: + if conf.keytab: + now = datetime.datetime.now() + if now >= krb_exp or (krb_exp-now).seconds < 3600: + krb_exp = krb_updatetoken(conf.keytab, conf.krbuser, logger) + #Check worker states if not (manager.isAlive() and copy.isAlive() and delete.isAlive()): logger.warning('Inconsistent worker states. Manager-->%s Copy-->%s Delete-->%s. Exiting!' \ 
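Review bot: The Kerberos setup in `main` sits after the 'Manager,Copy, Delete and Check Threads started' log line, so the worker threads may already be running before `KRB5CCNAME` is exported and before a ticket exists. Whether those threads need the ticket is not visible in this hunk, but if they do, the block belongs before the threads are started. The result of `krb_updatetoken` is stored without a check, and that function returns `None` when kinit fails, so a bad keytab at startup shows up only as a warning in the log. Consider failing fast with something like `if krb_exp is None: logger.error('Kerberos initialisation failed')` followed by the normal shutdown path. `main` starts and ends outside the hunk.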
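Review bot: `now >= krb_exp` in the renewal check fails whenever `krb_exp` is not a datetime. `krb_updatetoken` returns `None` after a failed kinit, and `krb_exp` is never assigned if `conf.keytab` only becomes set through the configuration reload a few lines above, because the startup block is the only other assignment. Either case raises inside the main loop instead of retrying. Initialise `krb_exp = None` before the loop and guard with `if krb_exp is None or now >= krb_exp or (krb_exp - now).total_seconds() < 3600:`. `.seconds` is only the seconds component of the timedelta and ignores days, so `total_seconds()` is the value this comparison needs; the loop body continues outside the hunk.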
@@ -306,6 +319,50 @@ def checkDB(db,logger,dblogger,parser): # end checkDB() +def krb_setcache(krbcachefile, logger): + try: + os.environ['KRB5CCNAME'] = krbcachefile + except TypeError as ex: + logger.warning('KRB Cache file setting failed: %s ' % str(ex)) + + +def krb_updatetoken(keytab, user, logger): + kinit = Popen(['kinit','-kt',keytab,user],#'-l','100s', + stdout = PIPE, stderr = STDOUT) + ret = kinit.wait() + + if ret: + logger.warning('kinit failed. Ret code: %d Output: %s' % \ + (ret, kinit.stdout.read())) + return None + else: + logger.debug('kinit succeeded. Output: %s' % kinit.stdout.read()) + return fetch_kbr_token_expiration(logger) + + + +def krb_tokenexpiration(logger): + + klist = Popen(['klist',], + stdout = PIPE, stderr = STDOUT) + ret = klist.wait() + + out = klist.stdout.read() + logger.debug('klist done. Return code: %d Output: %s' % (ret,out)) + + out = klist.stdout.read() + out = out.split('\n') + for idx,l in enumerate(out): + if 'Valid' in l: + ticket = out[idx+1] + break + + ticket = ticket.split() + logger.debug('Ticket expiration: %s' % ticket) + return datetime.datetime.strptime(' '.join(ticket[2:4]), \ + '%m/%d/%y %H:%M:%S') + + if __name__ == '__main__': main(conf) diff --git a/Script/Conf.py b/Script/Conf.py index 5dfe485fd4881b963cbb6ba7ac7fa6c269f9265b..ad3b8075fb630b2cb8f2815d52c53be51262cccc 100755 --- a/Script/Conf.py +++ b/Script/Conf.py @@ -127,6 +127,22 @@ class Conf: except AttributeError: pass + #Kerberos Auth + try: + self.keytab = cfg.Keytab + except AttributeError: + self.keytab = None + + try: + self.krbuser = cfg.KrbUser + except AttributeError: + self.krbuser = None + + try: + self.krbcache = cfg.KrbCache + except AttributeError: + self.krbcache = None + ########## MANAGER THREAD ##########
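Review bot: `krb_updatetoken` returns `fetch_kbr_token_expiration(logger)`, but the function added below it is named `krb_tokenexpiration`; unless the other name is defined outside these hunks, every successful kinit ends in a NameError. `krb_tokenexpiration` also calls `klist.stdout.read()` twice, so the second read returns an empty string, no line contains 'Valid', and `ticket` is unbound at `ticket.split()`. Both functions call `wait()` before draining a PIPE, which can block if the child writes more than the pipe buffer holds; `communicate()` avoids that. The rewrite below reads the output once, checks the klist return code and returns `None` when no expiry can be parsed, which callers then have to treat as "renew now". The `'%m/%d/%y %H:%M:%S'` format depends on the locale and version of klist, so the parse is worth testing against the deployed klist.

```python
def krb_updatetoken(keytab, user, logger):
    # … unchanged: kinit invocation and failure branch …
    else:
        logger.debug('kinit succeeded. Output: %s' % kinit.stdout.read())
        return krb_tokenexpiration(logger)


def krb_tokenexpiration(logger):
    klist = Popen(['klist'], stdout=PIPE, stderr=STDOUT)
    # communicate() drains the pipe and waits, so the output is read exactly once
    out, _ = klist.communicate()
    logger.debug('klist done. Return code: %d Output: %s' % (klist.returncode, out))
    if klist.returncode:
        return None

    lines = out.split('\n')
    for idx, l in enumerate(lines[:-1]):
        if 'Valid' in l:
            ticket = lines[idx + 1].split()
            break
    else:
        logger.warning('klist output has no ticket line')
        return None

    logger.debug('Ticket expiration: %s' % ticket)
    try:
        return datetime.datetime.strptime(' '.join(ticket[2:4]),
                                          '%m/%d/%y %H:%M:%S')
    except ValueError as ex:
        logger.warning('Cannot parse ticket expiration: %s' % str(ex))
        return None
```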
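Review bot: `Keytab` can be configured while `KrbUser` is missing, which leaves `self.krbuser = None`, and `krb_updatetoken` in CastorScript.py then puts that `None` into the kinit argument list. Reject the combination when the configuration is loaded, for example `if self.keytab and not self.krbuser: raise ValueError('Keytab set without KrbUser')`. A short comment above the block would also help the next maintainer: `# Keytab is a long-term credential: keep it readable by the service account only; KrbCache is exported as KRB5CCNAME`. The `Conf` constructor starts and ends outside this hunk.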