High level interface to SSPI for Kerberos client auth
Project description
- Info:
See github for the latest source.
About
A native Kerberos client implementation for Python on Windows. This module mimics the API of pykerberos to implement Kerberos authentication with Microsoft’s Security Support Provider Interface (SSPI). It supports Python 3.8+.
Installation
WinKerberos is in the Python Package Index (pypi). Use pip to install it:
python -m pip install winkerberos
WinKerberos requires Windows 7 / Windows Server 2008 R2 or newer.
Building and installing from source
You must have the correct version of VC++ installed for your version of Python:
Python 3.8+ - Visual Studio 2015+ (Any version)
Once you have the required compiler installed, run the following command from the root directory of the WinKerberos source:
pip install .
Building HTML documentation
First install Sphinx:
python -m pip install Sphinx
Then run the following command from the root directory of the WinKerberos source:
pip install -e . python -m sphinx -b html doc doc/_build
Examples
This is a simplified example of a complete authentication session following RFC-4752, section 3.1:
import winkerberos as kerberos
def send_response_and_receive_challenge(response):
# Your server communication code here...
pass
def authenticate_kerberos(service, user, channel_bindings=None):
# Initialize the context object with a service principal.
status, ctx = kerberos.authGSSClientInit(service)
# GSSAPI is a "client goes first" SASL mechanism. Send the
# first "response" to the server and receive its first
# challenge.
if channel_bindings is not None:
status = kerberos.authGSSClientStep(ctx, "", channel_bindings=channel_bindings)
else:
status = kerberos.authGSSClientStep(ctx, "")
response = kerberos.authGSSClientResponse(ctx)
challenge = send_response_and_receive_challenge(response)
# Keep processing challenges and sending responses until
# authGSSClientStep reports AUTH_GSS_COMPLETE.
while status == kerberos.AUTH_GSS_CONTINUE:
if channel_bindings is not None:
status = kerberos.authGSSClientStep(
ctx, challenge, channel_bindings=channel_bindings
)
else:
status = kerberos.authGSSClientStep(ctx, challenge)
response = kerberos.authGSSClientResponse(ctx) or ""
challenge = send_response_and_receive_challenge(response)
# Decrypt the server's last challenge
kerberos.authGSSClientUnwrap(ctx, challenge)
data = kerberos.authGSSClientResponse(ctx)
# Encrypt a response including the user principal to authorize.
kerberos.authGSSClientWrap(ctx, data, user)
response = kerberos.authGSSClientResponse(ctx)
# Complete authentication.
send_response_and_receive_challenge(response)
Channel bindings can be generated with help from the cryptography module. See https://tools.ietf.org/html/rfc5929#section-4.1 for the rules regarding hash algorithm choice:
from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes
def channel_bindings(ssl_socket):
server_certificate = ssl_socket.getpeercert(True)
cert = x509.load_der_x509_certificate(server_certificate, default_backend())
hash_algorithm = cert.signature_hash_algorithm
if hash_algorithm.name in ("md5", "sha1"):
digest = hashes.Hash(hashes.SHA256(), default_backend())
else:
digest = hashes.Hash(hash_algorithm, default_backend())
digest.update(server_certificate)
application_data = b"tls-server-end-point:" + digest.finalize()
return kerberos.channelBindings(application_data=application_data)
Viewing API Documentation without Sphinx
Use the help function in the python interactive shell:
>>> import winkerberos
>>> help(winkerberos)
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distributions
File details
Details for the file winkerberos-0.12.0.tar.gz
.
File metadata
- Download URL: winkerberos-0.12.0.tar.gz
- Upload date:
- Size: 35.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | b19b9b8c87ab9dc76bb325f0dd4e93a2d669abc68d2283eec25ed67176ad7ad3 |
|
MD5 | 5708f757c02872f1c4a9a0c6de82a009 |
|
BLAKE2b-256 | 2d4f8db9aae372e88031877067a9d8da027d6e67454d233177cb49198ab216a5 |
File details
Details for the file winkerberos-0.12.0-cp312-cp312-win_amd64.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp312-cp312-win_amd64.whl
- Upload date:
- Size: 27.7 kB
- Tags: CPython 3.12, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 22db6871a842d16bb045d93440d0acc98d7690320acd7d7174ae36509ce78198 |
|
MD5 | 06069029e60fd7d1c229acae2e56395e |
|
BLAKE2b-256 | 01e90408c1abd6d599d61709ceecafdb0f8ff725e015b8c5444db62de6466b37 |
File details
Details for the file winkerberos-0.12.0-cp312-cp312-win32.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp312-cp312-win32.whl
- Upload date:
- Size: 25.4 kB
- Tags: CPython 3.12, Windows x86
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | f8a9dedd35eda764cd0591d050234a8f381c57a559c16a914de311ed426f6f50 |
|
MD5 | 7d264669e8f544ef92a5f62a14289ac2 |
|
BLAKE2b-256 | 126f1cab2c1685c3cb55a5a6b87c75df33def11b25cf01525021fa4f18c2ba24 |
File details
Details for the file winkerberos-0.12.0-cp311-cp311-win_amd64.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp311-cp311-win_amd64.whl
- Upload date:
- Size: 27.6 kB
- Tags: CPython 3.11, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 838fdab8f71905c5a80ee1c868e2c7f3c2fee233113e8e65cd989b353e9a980e |
|
MD5 | 9d60b212e539de59c92a85c89d09987d |
|
BLAKE2b-256 | 24ecd437a005207d3c66bdb22196f954d25716fea21b79d4873873a2cd836946 |
File details
Details for the file winkerberos-0.12.0-cp311-cp311-win32.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp311-cp311-win32.whl
- Upload date:
- Size: 25.3 kB
- Tags: CPython 3.11, Windows x86
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 35ed9eedc2551063758756724c345d906b4a68b8d31bc9fd6e935c1eb37c4a35 |
|
MD5 | 2a469514d40f7e2d7eb46f20d05830e4 |
|
BLAKE2b-256 | bf5b5799a0b7b3162b4476443b16c7a12a63ec3dbd9e9e2bf622c5833c27079b |
File details
Details for the file winkerberos-0.12.0-cp310-cp310-win_amd64.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp310-cp310-win_amd64.whl
- Upload date:
- Size: 27.6 kB
- Tags: CPython 3.10, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | e479a498ab1f93bde0c0eb880f2c68378272850db51b978c75e9d73148c44f9c |
|
MD5 | dacd4f0a7be2c042855e97f0b6fafe6b |
|
BLAKE2b-256 | 8d47c8e2138e51201f79f9adc73a13a6616c375d0490081b124e2d8eebf21711 |
File details
Details for the file winkerberos-0.12.0-cp310-cp310-win32.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp310-cp310-win32.whl
- Upload date:
- Size: 25.3 kB
- Tags: CPython 3.10, Windows x86
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | bb37e91f9959adbeb3c6ae25c828c1d033fa2b1b03176037d7bec0adfbb85b8f |
|
MD5 | 1acccad97a3839cf6683c1ecc1e20997 |
|
BLAKE2b-256 | 7b7169549a95c4077a35819b04f3179292eec7119903ec035995254a41a3622a |
File details
Details for the file winkerberos-0.12.0-cp39-cp39-win_amd64.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp39-cp39-win_amd64.whl
- Upload date:
- Size: 27.6 kB
- Tags: CPython 3.9, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 4ffe1b654884e169c88785aa3960cc8dc4f09b757d242b59b3022c632736d2cd |
|
MD5 | 39cde540cb549d377edc623338388c88 |
|
BLAKE2b-256 | 85a9c2319bcf270170ddb9c52105851d7565e6ce7266dc5a3e6cdf97fb6fe43b |
File details
Details for the file winkerberos-0.12.0-cp39-cp39-win32.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp39-cp39-win32.whl
- Upload date:
- Size: 25.3 kB
- Tags: CPython 3.9, Windows x86
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 987a16e5fff8b6e1cd2d1a52db92c51ba657a34e6c55b0b7d96247f512ed7444 |
|
MD5 | ca2cf3d94d927e699f8af70a5e9e76c2 |
|
BLAKE2b-256 | 7affb6cd850e9bed012d289cbcf1a2c9f70292c6d2664f65c0b6741877f0f7ec |
File details
Details for the file winkerberos-0.12.0-cp38-cp38-win_amd64.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp38-cp38-win_amd64.whl
- Upload date:
- Size: 27.6 kB
- Tags: CPython 3.8, Windows x86-64
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | fc3c472b964792e70dd9dbc0825259ac780e9f8649a1c9dc26a9b07a02618a6f |
|
MD5 | f85a9b650e80fd0265a29696ada5b227 |
|
BLAKE2b-256 | af69e6e5eb3360f2595c3c44de6b7306ff1b3b8e5bc7c78679f8a0bb39bd8b39 |
File details
Details for the file winkerberos-0.12.0-cp38-cp38-win32.whl
.
File metadata
- Download URL: winkerberos-0.12.0-cp38-cp38-win32.whl
- Upload date:
- Size: 25.3 kB
- Tags: CPython 3.8, Windows x86
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/5.1.1 CPython/3.12.6
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | ac7eb018c327b38636cb0b05d6c7089ddc64336495156afaa8d029e44806d188 |
|
MD5 | a88f001fe6e2a98529b15f1a14095c53 |
|
BLAKE2b-256 | 0274136b047f873e49d30d183bdc5709d2c5408cb2f57076fb53d0967c2ed74e |