Kerberos authentication backend for Python Social Auth
======================================================
.. image:: https://github.com/kiwitcms/python-social-auth-kerberos/workflows/integration%20test/badge.svg
:target: https://github.com/kiwitcms/python-social-auth-kerberos/actions
.. image:: https://coveralls.io/repos/github/kiwitcms/python-social-auth-kerberos/badge.svg?branch=master
:target: https://coveralls.io/github/kiwitcms/python-social-auth-kerberos?branch=master
.. image:: https://tidelift.com/badges/package/pypi/social-auth-kerberos
:target: https://tidelift.com/subscription/pkg/pypi-social-auth-kerberos?utm_source=pypi-social-auth-kerberos&utm_medium=github&utm_campaign=readme
:alt: Tidelift
.. image:: https://opencollective.com/kiwitcms/tiers/sponsor/badge.svg?label=sponsors&color=brightgreen
:target: https://opencollective.com/kiwitcms#contributors
:alt: Become a sponsor
.. image:: https://img.shields.io/twitter/follow/KiwiTCMS.svg
:target: https://twitter.com/KiwiTCMS
:alt: Kiwi TCMS on Twitter
This package provides Kerberos backend for Python Social Auth. It can be used to
enable passwordless authentication inside a Django app or any other application
that supports Python Social Auth. This is a pure Python implementation which doesn't
depend on Apache ``mod_auth_kerb``.
Installation
------------
To install::
pip install social-auth-kerberos
**WARNING:** you will need gcc, Python and kerberos devel packages to
build the ``gssapi`` dependency because it doesn't provide binary packages. Try
``dnf install gcc krb5-devel python3-devel`` (Red Hat/Fedora) or
``apt-get install gcc libkrb5-dev libpython3-dev`` (Debian/Ubuntu).
Configuration
-------------
`Configure Python Social Auth <https://python-social-auth.readthedocs.io/en/latest/configuration/index.html>`_
and then make sure you have the following settings enabled::
AUTHENTICATION_BACKENDS = [
'social_auth_kerberos.backend.KerberosAuth',
'django.contrib.auth.backends.ModelBackend',
]
SOCIAL_AUTH_KRB5_KEYTAB = '/Kiwi/your-application.keytab'
**IMPORTANT:**
The principal name for your Kiwi TCMS web service must be
``HTTP/<fqdn.example.com>@REALM.EXAMPLE.COM`` where ``fqdn.example.com`` is
the domain name of the Kiwi TCMS server and ``REALM.EXAMPLE.COM`` is the
Kerberos realm that is used in your organization.
``/Kiwi/your-application.keytab`` is the keytab file for your
web app principal! If you install this inside a Docker container make sure
to ``chown 1001:root``!
Pipeline configuration
----------------------
Python Social Auth, and by extension this plugin, will create new user accounts
upon first access of the web interface. In Kiwi TCMS users need to either be
in the special group *Tester* or have sufficient permissions to add/edit/delete
objects.
You can automatically assign new accounts to the *Tester* group if
you append ``social_auth_kerberos.pipeline.initiate_defaults`` to the end
of the ``SOCIAL_AUTH_PIPELINE`` setting.
**WARNING:** this is not done for you automatically because some administrators
may want to employ different behaviour for newly registered accounts!
Kerberos configuration
----------------------
For more information about Kerberos see:
- `How to configure Firefox for kerberos <https://people.redhat.com/mikeb/negotiate/>`_
- `How to configure kerberos on Fedora <https://fedoraproject.org/wiki/Kerberos_KDC_Quickstart_Guide>`_
- `How to generate a keytab file
<https://docs.tibco.com/pub/spotfire_server/7.6.1/doc/html/tsas_admin_help/GUID-27726F6E-569C-4704-8433-5CCC0232EC79.html>`_
or check out ``tests/Dockerfile.kerberos``.
Changelog
---------
v0.3.0 (17 Dec 2023)
~~~~~~~~~~~~~~~~~~~~
- Update gssapi from 1.6.12 to 1.8.3
- Update social-auth-core from 4.0.1 to 4.5.1
- Document the need to compile ``gssapi``. Fixes
`Issue #3 <https://github.com/kiwitcms/python-social-auth-kerberos/issues/3>`_
- Build and test with Python 3.11, Kiwi TCMS v12.7
- Remove unused import
v0.2.4 (24 Mar 2020)
~~~~~~~~~~~~~~~~~~~~
- Add ``social_auth_kerberos.pipeline`` with function to initialize
default permissions for newly created accounts. See section
*Pipeline configuration*
- Update README with more information how to configure this plugin
- Enable integration testing with Kerberos and coverage collection
v0.2.3 (22 Mar 2020)
~~~~~~~~~~~~~~~~~~~~
- Keep a reference to current user before checking anything else.
Resolves a crash for clients which know that the server is
Kerberos enabled and directly send the Authorization header
- Be more tolerant to authorization request headers which don't
match RFC-4459, section 4.2
v0.2.2 (10 Nov 2019)
~~~~~~~~~~~~~~~~~~~~
- Pin license version to GPLv2 for Tidelift
v0.2.1 (10 Dec 2018)
~~~~~~~~~~~~~~~~~~~~
- Initial release
Raw data
{
"_id": null,
"home_page": "https://github.com/kiwitcms/python-social-auth-kerberos/",
"name": "social-auth-kerberos",
"maintainer": "",
"docs_url": null,
"requires_python": "",
"maintainer_email": "",
"keywords": "social auth,kerberos",
"author": "Kiwi TCMS",
"author_email": "info@kiwitcms.org",
"download_url": "https://files.pythonhosted.org/packages/dc/4b/fe3b545a293688ac38502a760b6eec98d8429aafeb0412050e0f2567b8a7/social-auth-kerberos-0.3.0.tar.gz",
"platform": null,
"description": "Kerberos authentication backend for Python Social Auth\n======================================================\n\n.. image:: https://github.com/kiwitcms/python-social-auth-kerberos/workflows/integration%20test/badge.svg\n :target: https://github.com/kiwitcms/python-social-auth-kerberos/actions\n\n.. image:: https://coveralls.io/repos/github/kiwitcms/python-social-auth-kerberos/badge.svg?branch=master\n :target: https://coveralls.io/github/kiwitcms/python-social-auth-kerberos?branch=master\n\n.. image:: https://tidelift.com/badges/package/pypi/social-auth-kerberos\n :target: https://tidelift.com/subscription/pkg/pypi-social-auth-kerberos?utm_source=pypi-social-auth-kerberos&utm_medium=github&utm_campaign=readme\n :alt: Tidelift\n\n.. image:: https://opencollective.com/kiwitcms/tiers/sponsor/badge.svg?label=sponsors&color=brightgreen\n :target: https://opencollective.com/kiwitcms#contributors\n :alt: Become a sponsor\n\n.. image:: https://img.shields.io/twitter/follow/KiwiTCMS.svg\n :target: https://twitter.com/KiwiTCMS\n :alt: Kiwi TCMS on Twitter\n\n\nThis package provides Kerberos backend for Python Social Auth. It can be used to\nenable passwordless authentication inside a Django app or any other application\nthat supports Python Social Auth. This is a pure Python implementation which doesn't\ndepend on Apache ``mod_auth_kerb``.\n\nInstallation\n------------\n\nTo install::\n\n pip install social-auth-kerberos\n\n**WARNING:** you will need gcc, Python and kerberos devel packages to\nbuild the ``gssapi`` dependency because it doesn't provide binary packages. Try\n``dnf install gcc krb5-devel python3-devel`` (Red Hat/Fedora) or\n``apt-get install gcc libkrb5-dev libpython3-dev`` (Debian/Ubuntu).\n\n\nConfiguration\n-------------\n\n`Configure Python Social Auth <https://python-social-auth.readthedocs.io/en/latest/configuration/index.html>`_\nand then make sure you have the following settings enabled::\n\n\n AUTHENTICATION_BACKENDS = [\n 'social_auth_kerberos.backend.KerberosAuth',\n 'django.contrib.auth.backends.ModelBackend',\n ]\n\n SOCIAL_AUTH_KRB5_KEYTAB = '/Kiwi/your-application.keytab'\n\n**IMPORTANT:**\n\nThe principal name for your Kiwi TCMS web service must be\n``HTTP/<fqdn.example.com>@REALM.EXAMPLE.COM`` where ``fqdn.example.com`` is\nthe domain name of the Kiwi TCMS server and ``REALM.EXAMPLE.COM`` is the\nKerberos realm that is used in your organization.\n\n``/Kiwi/your-application.keytab`` is the keytab file for your\nweb app principal! If you install this inside a Docker container make sure\nto ``chown 1001:root``!\n\n\nPipeline configuration\n----------------------\n\nPython Social Auth, and by extension this plugin, will create new user accounts\nupon first access of the web interface. In Kiwi TCMS users need to either be\nin the special group *Tester* or have sufficient permissions to add/edit/delete\nobjects.\n\nYou can automatically assign new accounts to the *Tester* group if\nyou append ``social_auth_kerberos.pipeline.initiate_defaults`` to the end\nof the ``SOCIAL_AUTH_PIPELINE`` setting.\n\n**WARNING:** this is not done for you automatically because some administrators\nmay want to employ different behaviour for newly registered accounts!\n\n\nKerberos configuration\n----------------------\n\nFor more information about Kerberos see:\n\n- `How to configure Firefox for kerberos <https://people.redhat.com/mikeb/negotiate/>`_\n- `How to configure kerberos on Fedora <https://fedoraproject.org/wiki/Kerberos_KDC_Quickstart_Guide>`_\n- `How to generate a keytab file\n <https://docs.tibco.com/pub/spotfire_server/7.6.1/doc/html/tsas_admin_help/GUID-27726F6E-569C-4704-8433-5CCC0232EC79.html>`_\n\nor check out ``tests/Dockerfile.kerberos``.\n\n\n\nChangelog\n---------\n\nv0.3.0 (17 Dec 2023)\n~~~~~~~~~~~~~~~~~~~~\n\n- Update gssapi from 1.6.12 to 1.8.3\n- Update social-auth-core from 4.0.1 to 4.5.1\n- Document the need to compile ``gssapi``. Fixes\n `Issue #3 <https://github.com/kiwitcms/python-social-auth-kerberos/issues/3>`_\n- Build and test with Python 3.11, Kiwi TCMS v12.7\n- Remove unused import\n\n\nv0.2.4 (24 Mar 2020)\n~~~~~~~~~~~~~~~~~~~~\n\n- Add ``social_auth_kerberos.pipeline`` with function to initialize\n default permissions for newly created accounts. See section\n *Pipeline configuration*\n- Update README with more information how to configure this plugin\n- Enable integration testing with Kerberos and coverage collection\n\n\nv0.2.3 (22 Mar 2020)\n~~~~~~~~~~~~~~~~~~~~\n\n- Keep a reference to current user before checking anything else.\n Resolves a crash for clients which know that the server is\n Kerberos enabled and directly send the Authorization header\n- Be more tolerant to authorization request headers which don't\n match RFC-4459, section 4.2\n\n\nv0.2.2 (10 Nov 2019)\n~~~~~~~~~~~~~~~~~~~~\n\n- Pin license version to GPLv2 for Tidelift\n\n\nv0.2.1 (10 Dec 2018)\n~~~~~~~~~~~~~~~~~~~~\n\n- Initial release\n",
"bugtrack_url": null,
"license": "GPLv2",
"summary": "Kerberos authentication backend for Python Social Auth",
"version": "0.3.0",
"project_urls": {
"Homepage": "https://github.com/kiwitcms/python-social-auth-kerberos/"
},
"split_keywords": [
"social auth",
"kerberos"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "ee729167a131b645ed69212121d3e6244d59b2cd0fbc58fcdc07534c87f53ca4",
"md5": "f5a5bd8ca17557421e801e38f498edf5",
"sha256": "cd6cad046b7286ce9f25d7ceec406398e31dc0ba3968a7810b31f612d365fbcc"
},
"downloads": -1,
"filename": "social_auth_kerberos-0.3.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f5a5bd8ca17557421e801e38f498edf5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": null,
"size": 12342,
"upload_time": "2023-12-17T14:10:17",
"upload_time_iso_8601": "2023-12-17T14:10:17.049594Z",
"url": "https://files.pythonhosted.org/packages/ee/72/9167a131b645ed69212121d3e6244d59b2cd0fbc58fcdc07534c87f53ca4/social_auth_kerberos-0.3.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "dc4bfe3b545a293688ac38502a760b6eec98d8429aafeb0412050e0f2567b8a7",
"md5": "57229e77d5e503282416df9ea43cbf7a",
"sha256": "1d405dda23fb3263b2385f5d8013e43995b7960222ba8841593161b331011c2a"
},
"downloads": -1,
"filename": "social-auth-kerberos-0.3.0.tar.gz",
"has_sig": false,
"md5_digest": "57229e77d5e503282416df9ea43cbf7a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 11657,
"upload_time": "2023-12-17T14:10:18",
"upload_time_iso_8601": "2023-12-17T14:10:18.223212Z",
"url": "https://files.pythonhosted.org/packages/dc/4b/fe3b545a293688ac38502a760b6eec98d8429aafeb0412050e0f2567b8a7/social-auth-kerberos-0.3.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-12-17 14:10:18",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "kiwitcms",
"github_project": "python-social-auth-kerberos",
"travis_ci": false,
"coveralls": true,
"github_actions": true,
"requirements": [],
"lcname": "social-auth-kerberos"
}
JSON
