Python script that can be installed on a FreeIPA server to facilitate API access by external clients, without mucking around with Kerberos certificates for the external client. A typical use case might be that you are prototyping against the excellent, but poorly documented FreeIPA JSON API.
Install the dependencies:
$ pip install -r requirements.txt
Environment variables must be set on the target box, eg:
$ export FREEIPA_URL=https://your.freeipa.net/
$ export KRB_PRINCIPAL=admin
$ export KRB_PASSWORD=password
Run the software:
$ python backdoor.py 8081
Congratulations. Your external client can now access the FreeIPA JSON API on port 8081.
The script exposes an /api endpoint served by bottle.py. When the endpoint receives a JSON request it calls kinit via a subprocess on the server. Finally the json request is passed through to the api using curl and response is served directly back to the /api endpoint.