HTTP Negotiate (SPNEGO) proxy authentication support for applications.
Project description
HTTP Negotiate (SPNEGO) proxy authentication support for applications. This allows applications that do not support HTTP proxies or do not support HTTP proxies with Negotiate authentication to allow them to safely traverse corporate firewalls without whitelisting IP addresses or MAC addresses and rather relying on secure user authentication. This tool is not intended to bypass firewall or proxy restrictions, in fact this tool was designed for better corporate security and centralized control.
Installation
Install the easy way through PyPi:
$ pip install proxy-negotiate
Or alternatively download and build yourself:
$ git clone https://github.com/cour4g3/proxy-negotiate $ cd proxy-negotiate $ python setup.py install
Usage
On Windows you need to be connected to a domain or alternatively running the MIT Kerberos Ticket Manager, on Linux you need to install and setup the MIT or Heimdal Kerberos client/workstation tools.
nc-negotiate
A netcat-like implementation for use with programs such as SSH; now by simply using ProxyCommand, SSH can safely traverse the proxy through an HTTP CONNECT TCP tunnel.
$ nc-negotiate host port [proxy_host] [proxy_port]
Example of usage with ssh command line:
$ ssh -o ProxyCommand=”nc-negotiate %h %p” myexternalhost.com
Or in your ~/.ssh/config:
- Host myexternalhost.com:
ProxyCommand nc-negotiate %h %p
proxy-negotiate
For applications that support proxies but don’t support authentication or don’t support Negotiate, this acts a pseudo-proxy that applies the correct Authorization headers and then passes the connection request on:
$ proxy-negotiate [port] [proxy_host] [proxy_port]
Then set your proxy configuration in your application or alternatively your proxy environment variables:
$ export HTTP_PROXY=http://localhost:8080
Now your application will correctly authenticate through the proxy without knowing how to. It also means no network passwords floating around in arbitary configuration files.
## Todo
Better parsing of the http_proxy and other proxy environment variables.
Consider methods to route requests from applications that do not support proxies at all.
## License
Licensed under the MIT License.
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
File details
Details for the file Proxy-Negotiate-0.2.2.tar.gz
.
File metadata
- Download URL: Proxy-Negotiate-0.2.2.tar.gz
- Upload date:
- Size: 5.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | cc328a61e719f938d82b54a55c65c50853451b62d7fd515c0aec584f29e27782 |
|
MD5 | fab184fd65aff556e0c1818a13df06a7 |
|
BLAKE2b-256 | 4a4522ca98d547e428ce5b75fd52afba33253ad59f78b5e464650eceaeda65b5 |