Remove unused Kerberos configuration options

This is some leftover code that was missed in 9fd3731ff7.
2026-04-05 03:38:12 +08:00 · 2019-11-05 15:06:02 -05:00
parent e2155b58db
commit 8dc20c1731
2 changed files with 2 additions and 32 deletions
--- a/README.rst
+++ b/README.rst
@@ -906,16 +906,11 @@ Setting Up Kerberos + LDAP Authentication
 =========================================

 MBS defaults to using OIDC as its authentication mechanism. It additionally
-supports Kerberos + LDAP, where Kerberos proves the user's identity and LDAP
-is used to determine the user's group membership. To configure this, the following
+supports Kerberos (through mod_auth_gssapi) + LDAP, where Kerberos proves the user's identity
+and LDAP is used to determine the user's group membership. To configure this, the following
 must be set in ``/etc/module-build-service/config.py``:

 - ``AUTH_METHOD`` must be set to ``'kerberos'``.
- ``KERBEROS_HTTP_HOST`` can override the hostname MBS will present itself as when
-  performing Kerberos authentication. If this is not set, Python will try to guess the
-  hostname of the server.
- ``KERBEROS_KEYTAB`` is the path to the keytab used by MBS. If this is not set,
-  the environment variable ``KRB5_KTNAME`` will be used.
 - ``LDAP_URI`` is the URI to connect to LDAP (e.g. ``'ldaps://ldap.domain.local:636'``
  or ``'ldap://ldap.domain.local'``).
 - ``LDAP_GROUPS_DN`` is the distinguished name of the container or organizational unit where groups
--- a/module_build_service/config.py
+++ b/module_build_service/config.py
@@ -373,22 +373,6 @@ class Config(object):
            "default": "oidc",
            "desc": "Authentiation method to MBS. Options are oidc or kerberos",
        },
-        "kerberos_http_host": {
-            "type": str,
-            "default": "",
-            "desc": (
-                "Hardcodes the HTTP host MBS identifies as in Kerberos. If this isn't set, "
-                "it will be derived dynamically."
-            ),
-        },
-        "kerberos_keytab": {
-            "type": str,
-            "default": "",
-            "desc": (
-                "Overrides the use of the environment variable KRB5_KTNAME, which specifies "
-                "the location to the Kerberos keytab for authentication."
-            ),
-        },
        "ldap_uri": {
            "type": str,
            "default": "",
@@ -824,15 +808,6 @@ class Config(object):
                raise ValueError("ldap3 is required for kerberos authz")
        self._auth_method = s.lower()

-    def _setifok_kerberos_keytab(self, s):
-        keytab = str(s)
-        if keytab:
-            keytab = os.path.expanduser(keytab)
-            if not os.path.exists(keytab):
-                raise ValueError("The path set for KERBEROS_KEYTAB does not exist")
-
-        self._kerberos_keytab = keytab
-
    def _setifok_ldap_uri(self, s):
        ldap_uri = str(s)