Django GSSAPI SPNEGO
Project description
A Django application for adding Kerberos/GSS authentication to your existing backend
This Django application provides some View and Mixin classes along with a backend Mixin class to extend your existing AuthenticationBackend with SPNEGO-based authentication.
This provides additional flexibility over a Middleware solution that would require all users to use/support SPNEGO all of the time, and just utilize GSSAPI on a specific login page to create a login session as an alternative to typing in a username and password.
Prereqs
A working Kerberos KDC (MIT, Windows AD, Heimdall, whatever)
A SPN for your application server(s)
A method for mapping Kerberos Principals to User objects in your backend
Installation
You can install the pre-release development version from PyPi by specifying the exact version to pip:
pip install django-gss-spnego==21.10.0dev
Once an official release is uploaded, you will not have to specify an exact version.
Configuration
The following settings must be present:
django_gss_spnego in settings.INSTALLED_APPS
settings.KERBEROS_SPN may be set to SERVICENAME@HOSTNAME ie HTTP@django-server. Setting it to “” means “try all SPNs in the host keytab”
Environment variables to control your KRB5 installation. See the kerberos env documentation for details.
Usage
Mix django_gss_spnego.backends.SpnegoBackendMixin into your backend class(es) of choice. Ensure those backends can resolve a User object from a kerberos principal name.
from django_auth_ldap.backend import LDAPBackend
from django_gss_spnego.backends import SpnegoBackendMixin
class MyBackendClass(SpnegoBackendMixin, LDAPBackend):
def get_user_from_username(self, username):
return self.populate_user(username)
Register aforementioned backend class in settings.AUTHENTICATION_BACKENDS
Create a view somewhere on your site that uses SpnegoAuthMixin, and add it to your URL router. If using one of the provided CBV View classes, also include django_gss_spnego and django.contrib.admin in your settings.INSTALLED_APPS for access to the spnego.html template.
from django_gss_spnego.views import SpnegoView
urls.append(r"^auth/spnego$", SpnegoView.as_view(), name="spnego")
Acquire a ticket, and point your favorite supported client at the endpoint
import requests_gssapi
import requests
auth = requests_gssapi.HTTPSPNEGOAuth()
sess = requests.session()
sess.auth = auth
sess.get("http://localhost/auth/spnego")
sess.get("http://localhost/page/that/requires/authorized_user")
Acknowledgements
Matt Magin (AzMoo) for writing a similar Middleware
License
Apache 2.0 – see the LICENSE file for more detail
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-gss-spnego-21.10.0.dev0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | a90948965348d79b3e2ba75ae5f8e83cf8066a84582d3d1f0eda989ed1a69365 |
|
MD5 | ea4ac5614e694575ad275a9be08aa172 |
|
BLAKE2b-256 | 6f5f5496dfce8c4c3bfcdd3d7fda7667fc275c0e35912e58cbfdc485e18d4e7e |
Hashes for django_gss_spnego-21.10.0.dev0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5534e0c48b9e71fcc7e11176878c030e2ec280e1ad1eba5981363cd73fb54531 |
|
MD5 | 61fe878cace3eef96f85dab6f7bb3f91 |
|
BLAKE2b-256 | 68f9b7c5b194f198c757f8e3d1c2f038637ef0001ccab153b8eb9f961920e549 |