Skip to main content

High level interface to SSPI for Kerberos client auth

Project description

Info:

See github for the latest source.

Author:

Bernie Hackett <bernie@mongodb.com>

About

A native Kerberos SSPI client implementation. This module mimics the API of pykerberos to implement Kerberos SSPI authentication on Microsoft Windows. It supports Python 2.6, 2.7, and 3.3+.

Installation

WinKerberos is in the Python Package Index (pypi). Use pip to install it:

python -m pip install winkerberos

Building and installing from source

You must have the correct version of VC++ installed for your version of Python:

  • Python 2.6 - Visual Studio 2008 (Professional for 64bit)

  • Python 2.7 - Visual Studio 2008 (Professional for 64bit)

  • Python 3.3 - Visual Studio 2010 (Professional for 64bit)

  • Python 3.4 - Visual Studio 2010 (Professional for 64bit)

  • Python 3.5+ - Visual Studio 2015 (Any version)

The Microsoft Visual C++ Compiler for Python 2.7 could also be used to build for Python 2.6 and 2.7.

Once you have the required compiler installed, just run the following command:

python setup.py install

Examples

This is a simplified example of a complete authentication session following RFC-4752, section 3.1:

import winkerberos as kerberos

def send_response_and_receive_challenge(response):
    # Your server communication code here...
    pass

def authenticate_kerberos(service, user):
    # Initialize the context object with a service principal.
    status, ctx = kerberos.authGSSClientInit(service)

    # GSSAPI is a "client goes first" SASL mechanism. Send the
    # first "response" to the server and recieve its first
    # challenge.
    status = kerberos.authGSSClientStep(ctx, "")
    response = kerberos.authGSSClientResponse(ctx)
    challenge = send_response_and_receive_challenge(response)

    # Keep processing challenges and sending responses until
    # authGSSClientStep reports AUTH_GSS_COMPLETE.
    while status == kerberos.AUTH_GSS_CONTINUE:
        status = kerberos.authGSSClientStep(ctx, challenge)
        response = kerberos.authGSSClientResponse(ctx) or ''
        challenge = send_response_and_receive_challenge(response)

    # Decrypt the server's last challenge
    kerberos.authGSSClientUnwrap(ctx, challenge)
    data = kerberos.authGSSClientResponse(ctx)
    # Encrypt a response including the user principal to authorize.
    kerberos.authGSSClientWrap(ctx, data, user)
    response = kerberos.authGSSClientResponse(ctx)

    # Complete authentication.
    send_response_and_receive_challenge(response)

Documentation

Use the help function in the python interactive shell:

>>> import winkerberos
>>> help(winkerberos)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

winkerberos-0.3.0.zip (35.4 kB view hashes)

Uploaded Source

Built Distributions

winkerberos-0.3.0-cp35-cp35m-win_amd64.whl (17.0 kB view hashes)

Uploaded CPython 3.5m Windows x86-64

winkerberos-0.3.0-cp35-cp35m-win32.whl (14.7 kB view hashes)

Uploaded CPython 3.5m Windows x86

winkerberos-0.3.0-cp34-cp34m-win_amd64.whl (14.6 kB view hashes)

Uploaded CPython 3.4m Windows x86-64

winkerberos-0.3.0-cp34-cp34m-win32.whl (13.4 kB view hashes)

Uploaded CPython 3.4m Windows x86

winkerberos-0.3.0-cp33-cp33m-win_amd64.whl (14.6 kB view hashes)

Uploaded CPython 3.3m Windows x86-64

winkerberos-0.3.0-cp33-cp33m-win32.whl (13.4 kB view hashes)

Uploaded CPython 3.3m Windows x86

winkerberos-0.3.0-cp27-cp27m-win_amd64.whl (15.2 kB view hashes)

Uploaded CPython 2.7m Windows x86-64

winkerberos-0.3.0-cp27-cp27m-win32.whl (13.6 kB view hashes)

Uploaded CPython 2.7m Windows x86

winkerberos-0.3.0-cp26-cp26m-win_amd64.whl (15.5 kB view hashes)

Uploaded CPython 2.6m Windows x86-64

winkerberos-0.3.0-cp26-cp26m-win32.whl (13.8 kB view hashes)

Uploaded CPython 2.6m Windows x86

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page