add Kerberos delegation #5

Merged
merenber merged 2 commits from delegation into v1 1 year ago
Owner

This PR adds unconstrained Kerberos delegation to the API.

The client obtains a forwarded TGT and sends it, base64-encoded, in an HTTP header named 'X-KRB5-CRED'. The server reads this credential, creates a new credentials cache for the user, and stores the credential into the new cache. The server can now authenticate to other services (e.g. LDAP) over GSSAPI using the forwarded client's credentials.

This PR adds unconstrained Kerberos delegation to the API. The client obtains a forwarded TGT and sends it, base64-encoded, in an HTTP header named 'X-KRB5-CRED'. The server reads this credential, creates a new credentials cache for the user, and stores the credential into the new cache. The server can now authenticate to other services (e.g. LDAP) over GSSAPI using the forwarded client's credentials.
merenber added 1 commit 1 year ago
merenber requested review from r345liu 1 year ago
r345liu approved these changes 1 year ago
r345liu left a comment
Owner

Don't know much about Kerobos but the code looks good to me.

Don't know much about Kerobos but the code looks good to me.
README.md Outdated
Next, install and activate a virtualenv:
```sh
sudo apt install libkrb5-dev python3-dev
Owner

I also needed libsasl2-dev and libldap2-dev when I setup my environment

I also needed `libsasl2-dev` and `libldap2-dev` when I setup my environment
merenber added 1 commit 1 year ago
Poster
Owner

We're not using python-ldap anymore so libldap2-dev should no longer be necessary.

We're not using python-ldap anymore so libldap2-dev should no longer be necessary.
merenber merged commit d78d31eec0 into v1 1 year ago
merenber referenced this issue from a commit 1 year ago
merenber deleted branch delegation 1 year ago

Reviewers

r345liu approved these changes 1 year ago
The pull request has been merged as d78d31eec0.
Sign in to join this conversation.
No reviewers
No Label
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

No dependencies set.

Reference: public/pyceo#5
Loading…
There is no content yet.