add Kerberos delegation #5

Merged
merenber merged 2 commits from delegation into v1 2021-08-18 15:39:14 -04:00
Owner

This PR adds unconstrained Kerberos delegation to the API.

The client obtains a forwarded TGT and sends it, base64-encoded, in an HTTP header named 'X-KRB5-CRED'. The server reads this credential, creates a new credentials cache for the user, and stores the credential into the new cache. The server can now authenticate to other services (e.g. LDAP) over GSSAPI using the forwarded client's credentials.

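A server-side check on the `X-KRB5-CRED` header before its contents reach the Kerberos library, as an added example (not code from this PR). It assumes the header carries a DER-encoded KRB-CRED message as defined in RFC 4120, which the PR description does not state; `MAX_CRED_BYTES`, `BadCredHeader` and the function names are hypothetical.

```python
import base64
import binascii

MAX_CRED_BYTES = 16 * 1024  # assumed cap, not a value from the PR
KRB_CRED_TAG = 0x76         # [APPLICATION 22], the KRB-CRED tag in RFC 4120


class BadCredHeader(ValueError):
    """Raised when X-KRB5-CRED must be rejected before any Kerberos call."""


def der_length(buf, pos):
    """Return (content_length, content_start) for the DER length at buf[pos]."""
    if pos >= len(buf):
        raise BadCredHeader("truncated length")
    first = buf[pos]
    if first < 0x80:                      # short form: length in one byte
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise BadCredHeader("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n


def decode_cred_header(value):
    """Validate the untrusted header value and return the credential bytes."""
    if not value:
        raise BadCredHeader("header missing")
    if len(value) > (MAX_CRED_BYTES * 4) // 3 + 4:
        raise BadCredHeader("header too large")
    try:
        # validate=True rejects whitespace and any non-alphabet character
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise BadCredHeader("not strict base64") from exc
    if len(raw) < 2 or raw[0] != KRB_CRED_TAG:
        raise BadCredHeader("not a KRB-CRED message")
    length, start = der_length(raw, 1)
    if start + length != len(raw):        # no truncation, no trailing bytes
        raise BadCredHeader("length mismatch or trailing bytes")
    return raw


# Constructed sample: a 5-byte blob with only the KRB-CRED outer framing.
SAMPLE_HEADER = base64.b64encode(bytes([0x76, 0x03, 0x30, 0x01, 0x00])).decode()
```

Only bytes that pass this check should be handed to the Kerberos library for storing into the new credentials cache.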
merenber added 1 commit 2021-08-17 22:05:37 -04:00
merenber requested review from r345liu 2021-08-17 22:07:25 -04:00
r345liu approved these changes 2021-08-18 12:37:45 -04:00
r345liu left a comment
Owner

Don't know much about Kerberos but the code looks good to me.
README.md Outdated
@ -9,13 +9,25 @@ this repo in one of the dev environment containers.
Next, install and activate a virtualenv:
```sh
sudo apt install libkrb5-dev python3-dev
Owner

I also needed `libsasl2-dev` and `libldap2-dev` when I set up my environment
merenber added 1 commit 2021-08-18 15:37:29 -04:00
Author
Owner

We're not using python-ldap anymore so libldap2-dev should no longer be necessary.
merenber merged commit d78d31eec0 into v1 2021-08-18 15:39:14 -04:00
merenber deleted branch delegation 2021-08-18 15:41:35 -04:00
Reference: public/pyceo#5