GSSAPI authentication for Django
Project description
GSSAPI authentication for Django
Provide GSSAPI (SPNEGO) authentication to Django applications.
It’s a rewrite of django-kerberos using python-gssapi.
It’s only tested with MIT Kerberos 5 using package k5test.
Python 2 and 3, Django >1.8 are supported.
Basic usage
Add this to your project urls.py:
url('^auth/gssapi/', include('django_gssapi.urls')),
And use the default authentication backend, by adding that to your settings.py file:
AUTHENTICATION_BACKENDS = ( 'django_gssapi.backends.GSSAPIBackend', )
View
django-gssapi provide a base LoginView that you can subclass to get the behaviour your need, the main extension points are:
challenge() returns the 401 response with the challenge, you should override it to show a template explaining the failure,
success(user) it should log the given user and redirect to REDIRECT_FIELD_NAME,
get_service_name() it should return a gssapi.Name for your service, by default it returns None, so GSSAPI will match any name available (for example with Kerberos it will match any name in your keytab, like @HTTP/my.domain.com@).
Settings
To make your application use GSSAPI as its main login method:
LOGIN_URL = 'gssapi-login'
Your application need an environment where the GSSAPI mechanism like Kerberos will work, for Kerberos it means having a default keytab of creating one and setting its path in KRB5_KTNAME or you can use GSSAPI_STORE with MIT Kerberos 5 and credential store extension to indicate a keytab:
GSSAPI_STORE = {'keytab': 'FILE:/var/lib/mykeytab'}
You can also force a GSSAPI name for you service with:
import gssapi GSSAPI_NAME = gssapi.Name('HTTP/my.service.com', gssapi.MechType.hostbased_service)
GSSAPI authentication backend
A dummy backend is provided in django_gssapi.backends.GSSAPIBackend it looks up user with the same username as the GSSAPI name. You should implement it for your use case.
A custom authentication backend must have the following signature:
class CustomGSSAPIBackend(object): def authenticate(self, request, gssapi_name): pass
The parameter gssapi_name is a gssapi.Name object, it can be casted to string to get the raw name.
Kerberos username/password backend
If your users does not have their browser configured for SPNEGO HTTP authentication you can also provide a classic login/password form which check passwords using Kerberos. For this use django_gssapi.backends.KerberosPasswordBackend, the username is used as the raw principal name.
django-rest-framework authentication backend
To authenticate users with GSSAPI you can use django_gssapi.drf.GSSAPIAuthentication, it uses the configured GSSAPI authentication backend to find an user and returns the GSSAPI name in request.auth.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
File details
Details for the file django-gssapi-0.9b2.tar.gz
.
File metadata
- Download URL: django-gssapi-0.9b2.tar.gz
- Upload date:
- Size: 8.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.16+
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5e4bac5566ab9fd3947f28860522e2976cd0246f6615c37e029d38ce9d88fdcc |
|
MD5 | dc81063546c644572fda4002e7c49c12 |
|
BLAKE2b-256 | 735de4867b3cf7e93c53b574feb04c051fa714dc3c3721c8675ba5950ac64fb1 |
File details
Details for the file django_gssapi-0.9b2-py2.py3-none-any.whl
.
File metadata
- Download URL: django_gssapi-0.9b2-py2.py3-none-any.whl
- Upload date:
- Size: 9.2 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.16+
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 07dcb9525d6a64ff39ba53014d92fbddeb9a293359d0e68ced8a278d033110b9 |
|
MD5 | 56cf656cf255400a10540695a25ff245 |
|
BLAKE2b-256 | 9ba677cc00cfa5d92c0ea0848c693fceebf01b97111707392d30a0e35b759d78 |