Created
April 11, 2013 06:11
-
-
Save clsung/5361118 to your computer and use it in GitHub Desktop.
kerberos
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| import requests | |
| import kerberos | |
| class KerberosTicket: | |
| def __init__(self, service): | |
| __, krb_context = kerberos.authGSSClientInit(service) | |
| kerberos.authGSSClientStep(krb_context, "") | |
| self._krb_context = krb_context | |
| self.auth_header = ("Negotiate " + | |
| kerberos.authGSSClientResponse(krb_context)) | |
| def verify_response(self, auth_header): | |
| # Handle comma-separated lists of authentication fields | |
| for field in auth_header.split(","): | |
| kind, __, details = field.strip().partition(" ") | |
| if kind.lower() == "negotiate": | |
| auth_details = details.strip() | |
| break | |
| else: | |
| raise ValueError("Negotiate not found in %s" % auth_header) | |
| # Finish the Kerberos handshake | |
| krb_context = self._krb_context | |
| if krb_context is None: | |
| raise RuntimeError("Ticket already used for verification") | |
| self._krb_context = None | |
| kerberos.authGSSClientStep(krb_context, auth_details) | |
| kerberos.authGSSClientClean(krb_context) | |
| krb = KerberosTicket("[email protected]") | |
| headers = {"Authorization": krb.auth_header} | |
| r = requests.get("http://10.116.136.27/home/cl_sung/req_krb.py", headers=headers) | |
| print r.status_code | |
| print krb.verify_response(r.headers["www-authenticate"]) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment