
GSSAPI authentication for Django


Provide GSSAPI (SPNEGO) authentication to Django applications.

It’s a rewrite of django-kerberos using python-gssapi.

It’s only tested with MIT Kerberos 5 using package k5test.

Python 2 and 3, Django >1.8 are supported.

Basic usage

Add this to your project urls.py:

url('^auth/gssapi/', include('django_gssapi.urls')),

Then enable the default authentication backend by adding this to your settings.py file:

AUTHENTICATION_BACKENDS = (
    'django_gssapi.backends.GSSAPIBackend',
)

View

django-gssapi provides a base LoginView that you can subclass to get the behaviour you need. The main extension points are:

  • challenge() returns the 401 response with the challenge; you should override it to show a template explaining the failure,

  • success(user) should log in the given user and redirect to REDIRECT_FIELD_NAME,

  • get_service_name() should return a gssapi.Name for your service. By default it returns None, so GSSAPI will match any name available (for example, with Kerberos it will match any name in your keytab, like HTTP/my.domain.com).

Settings

To make your application use GSSAPI as its main login method:

LOGIN_URL = 'gssapi-login'

Your application needs an environment where the GSSAPI mechanism, such as Kerberos, will work. For Kerberos this means having a default keytab, or creating one and setting its path in KRB5_KTNAME. Alternatively, with MIT Kerberos 5 and its credential store extension, you can use GSSAPI_STORE to indicate a keytab:

GSSAPI_STORE = {'keytab': 'FILE:/var/lib/mykeytab'}

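You can also force a GSSAPI name for your service with:

import gssapi

# Name types live in gssapi.NameType (MechType only identifies mechanisms);
# a host-based service name is written service@host.
GSSAPI_NAME = gssapi.Name('HTTP@my.service.com', gssapi.NameType.hostbased_service)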

GSSAPI authentication backend

A dummy backend is provided in django_gssapi.backends.GSSAPIBackend; it looks up the user with the same username as the GSSAPI name. You should implement your own for your use case.

A custom authentication backend must have the following signature:

class CustomGSSAPIBackend(object):
    def authenticate(self, request, gssapi_name):
        pass

The parameter gssapi_name is a gssapi.Name object; it can be cast to a string to get the raw name.
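One way to write such a backend, as an added example that is not django-gssapi's own code: it goes slightly beyond the text by accepting only plain user principals from an allow-listed realm before looking up the Django user. The names principal_to_username, RealmCheckedGSSAPIBackend and TRUSTED_REALMS, the realm EXAMPLE.COM, and the assumption that the raw Kerberos name has the form user@REALM are all illustrative.

```python
# Added example: not django-gssapi's own code.
TRUSTED_REALMS = frozenset({"EXAMPLE.COM"})  # assumption: placeholder realm


def principal_to_username(raw_name, trusted_realms=TRUSTED_REALMS):
    """Map 'user@REALM' to 'user'; return None for anything else."""
    if "\\" in raw_name:
        return None  # escaped separators: refuse rather than guess
    local, sep, realm = raw_name.rpartition("@")
    if not sep or realm not in trusted_realms:
        return None  # no realm, or a realm we do not trust (case-sensitive)
    if not local or "/" in local or "@" in local:
        return None  # instance principals such as alice/admin or HTTP/host
    return local


class RealmCheckedGSSAPIBackend(object):
    """Same authenticate() signature as the custom backend shown above."""

    def authenticate(self, request, gssapi_name):
        username = principal_to_username(str(gssapi_name))
        if username is None:
            return None
        # Imported lazily so the parsing helper can be tested without Django.
        from django.contrib.auth import get_user_model
        User = get_user_model()
        try:
            user = User._default_manager.get_by_natural_key(username)
        except User.DoesNotExist:
            return None  # no auto-provisioning: unknown principals are refused
        return user if user.is_active else None

    def get_user(self, user_id):
        from django.contrib.auth import get_user_model
        User = get_user_model()
        try:
            return User._default_manager.get(pk=user_id)
        except User.DoesNotExist:
            return None
```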

Kerberos username/password backend

If your users do not have their browsers configured for SPNEGO HTTP authentication, you can also provide a classic login/password form which checks passwords using Kerberos. For this, use django_gssapi.backends.KerberosPasswordBackend; the username is used as the raw principal name.

django-rest-framework authentication backend

To authenticate users with GSSAPI you can use django_gssapi.drf.GSSAPIAuthentication; it uses the configured GSSAPI authentication backend to find a user and returns the GSSAPI name in request.auth.


Source Distribution

django-gssapi-0.9b2.tar.gz (8.6 kB)

Built Distribution

django_gssapi-0.9b2-py2.py3-none-any.whl (9.2 kB)

File details

Details for the file django-gssapi-0.9b2.tar.gz.

File metadata

  • Download URL: django-gssapi-0.9b2.tar.gz
  • Upload date:
  • Size: 8.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.16+

File hashes

Hashes for django-gssapi-0.9b2.tar.gz
Algorithm Hash digest
SHA256 5e4bac5566ab9fd3947f28860522e2976cd0246f6615c37e029d38ce9d88fdcc
MD5 dc81063546c644572fda4002e7c49c12
BLAKE2b-256 735de4867b3cf7e93c53b574feb04c051fa714dc3c3721c8675ba5950ac64fb1


File details

Details for the file django_gssapi-0.9b2-py2.py3-none-any.whl.

File metadata

  • Download URL: django_gssapi-0.9b2-py2.py3-none-any.whl
  • Upload date:
  • Size: 9.2 kB
  • Tags: Python 2, Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/1.12.1 pkginfo/1.4.2 requests/2.21.0 setuptools/41.0.0 requests-toolbelt/0.8.0 tqdm/4.28.1 CPython/2.7.16+

File hashes

Hashes for django_gssapi-0.9b2-py2.py3-none-any.whl
Algorithm Hash digest
SHA256 07dcb9525d6a64ff39ba53014d92fbddeb9a293359d0e68ced8a278d033110b9
MD5 56cf656cf255400a10540695a25ff245
BLAKE2b-256 9ba677cc00cfa5d92c0ea0848c693fceebf01b97111707392d30a0e35b759d78
