Skip to main content

Windows Negotiate Authentication Client and Server

Project description

Python SPNEGO Library

Build Status

codecov

PyPI version

License

Library to handle SPNEGO (Negotiate, NTLM, Kerberos) and CredSSP authentication. Also includes a packet parser that can

be used to decode raw NTLM/SPNEGO/Kerberos tokens into a human readable format.

Requirements

See How to Install for more details

Optional Requirements

The following Python libraries can be installed to add extra features that do not come with the base package:

How to Install

To install pyspnego with all basic features, run

pip install pyspnego

Kerberos Authentication

While pyspnego supports Kerberos authentication on Linux, it isn't included by default due to its reliance on system

packages to be present.

To install these packages, run the below

# Debian/Ubuntu

apt-get install gcc python3-dev libkrb5-dev



# Centos/RHEL

yum install gcc python-devel krb5-devel



# Fedora

dnf install gcc python-devel krb5-devel



# Arch Linux

pacman -S gcc krb5

Once installed you can install the Python packages with

pip install pyspnego[kerberos]

Kerberos also needs to be configured to talk to the domain but that is outside the scope of this page.

While NTLM auth works out of the box, it is recommended to install the

gss-ntlmssp library for full Negotiate support. This can be done with

# Debian/Ubuntu

apt-get install gss-ntlmssp



# Centos/RHEL

yum install gssntlmssp



# Fedora

dnf install gssntlmssp



# Arch Linux

# AUR package https://aur.archlinux.org/packages/gss-ntlmssp/

How to Use

See the examples section for examples on how to use the authentication side of the library.

Note: While server/acceptor authentication is available for all protocols it is highly recommended you have the system GSSAPI and NTLM system libraries present for acceptor authentication. Pyspnego NTLM acceptor authentication should work but it is not as thoroughly tested as the GSSAPI implementation.

CredSSP Authentication

Since version 0.2.0, pyspnego can be used for CredSSP authentication. While this isn't part of the SPNEGO/Negotiate

protocol it uses common features and code like ASN.1 structures and even Negotiate auth as part of the CredSSP process.

Both initiate and accept usages are supported when specifying protocol='credssp' but there are no guarantees the

acceptor is free of any bugs so use with caution.

Backlog

  • Add support for anonymous authentication

  • See if pywinrm wants to use this

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

pyspnego-0.2.0.tar.gz (107.8 kB view hashes)

Uploaded Source

Built Distributions

pyspnego-0.2.0-py2.py3-none-any.whl (121.8 kB view hashes)

Uploaded Python 2 Python 3

pyspnego-0.2.0-cp39-cp39-win_amd64.whl (363.2 kB view hashes)

Uploaded CPython 3.9 Windows x86-64

pyspnego-0.2.0-cp39-cp39-win32.whl (343.9 kB view hashes)

Uploaded CPython 3.9 Windows x86

pyspnego-0.2.0-cp38-cp38-win_amd64.whl (363.9 kB view hashes)

Uploaded CPython 3.8 Windows x86-64

pyspnego-0.2.0-cp38-cp38-win32.whl (344.9 kB view hashes)

Uploaded CPython 3.8 Windows x86

pyspnego-0.2.0-cp37-cp37m-win_amd64.whl (361.2 kB view hashes)

Uploaded CPython 3.7m Windows x86-64

pyspnego-0.2.0-cp37-cp37m-win32.whl (341.6 kB view hashes)

Uploaded CPython 3.7m Windows x86

pyspnego-0.2.0-cp36-cp36m-win_amd64.whl (361.4 kB view hashes)

Uploaded CPython 3.6m Windows x86-64

pyspnego-0.2.0-cp36-cp36m-win32.whl (341.8 kB view hashes)

Uploaded CPython 3.6m Windows x86

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page