High level interface to SSPI for Kerberos client auth

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 10gen from gravatar.com 10gen

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License )
  • Author: Bernie Hackett
  • Tags GSSAPI , Kerberos , SSPI
  • Requires: Python >=3.10
Classifiers
Report project as malware

Project description

Info:

See github for the latest source.

Author:

Bernie Hackett <bernie@mongodb.com>

About

A native Kerberos client implementation for Python on Windows. This module mimics the API of pykerberos to implement Kerberos authentication with Microsoft’s Security Support Provider Interface (SSPI). It supports Python 3.10+.

Installation

WinKerberos is in the Python Package Index (pypi). Use pip to install it:

python -m pip install winkerberos

WinKerberos requires Windows 7 / Windows Server 2008 R2 or newer.

Building and installing from source

You must have the correct version of VC++ installed for your version of Python:

  • Python 3.10+ - Visual Studio 2015+ (Any version)

Once you have the required compiler installed, run the following command from the root directory of the WinKerberos source:

pip install .

Building HTML documentation

First install Sphinx:

python -m pip install Sphinx

Then run the following command from the root directory of the WinKerberos source:

pip install -e .
python -m sphinx -b html doc doc/_build

Examples

This is a simplified example of a complete authentication session following RFC-4752, section 3.1:

import winkerberos as kerberos


def send_response_and_receive_challenge(response):
    # Your server communication code here...
    pass


def authenticate_kerberos(service, user, channel_bindings=None):
    # Initialize the context object with a service principal.
    status, ctx = kerberos.authGSSClientInit(service)

    # GSSAPI is a "client goes first" SASL mechanism. Send the
    # first "response" to the server and receive its first
    # challenge.
    if channel_bindings is not None:
        status = kerberos.authGSSClientStep(ctx, "", channel_bindings=channel_bindings)
    else:
        status = kerberos.authGSSClientStep(ctx, "")
    response = kerberos.authGSSClientResponse(ctx)
    challenge = send_response_and_receive_challenge(response)

    # Keep processing challenges and sending responses until
    # authGSSClientStep reports AUTH_GSS_COMPLETE.
    while status == kerberos.AUTH_GSS_CONTINUE:
        if channel_bindings is not None:
            status = kerberos.authGSSClientStep(
                ctx, challenge, channel_bindings=channel_bindings
            )
        else:
            status = kerberos.authGSSClientStep(ctx, challenge)

        response = kerberos.authGSSClientResponse(ctx) or ""
        challenge = send_response_and_receive_challenge(response)

    # Decrypt the server's last challenge
    kerberos.authGSSClientUnwrap(ctx, challenge)
    data = kerberos.authGSSClientResponse(ctx)
    # Encrypt a response including the user principal to authorize.
    kerberos.authGSSClientWrap(ctx, data, user)
    response = kerberos.authGSSClientResponse(ctx)

    # Complete authentication.
    send_response_and_receive_challenge(response)

Channel bindings can be generated with help from the cryptography module. See https://tools.ietf.org/html/rfc5929#section-4.1 for the rules regarding hash algorithm choice:

from cryptography import x509
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import hashes


def channel_bindings(ssl_socket):
    server_certificate = ssl_socket.getpeercert(True)
    cert = x509.load_der_x509_certificate(server_certificate, default_backend())
    hash_algorithm = cert.signature_hash_algorithm
    if hash_algorithm.name in ("md5", "sha1"):
        digest = hashes.Hash(hashes.SHA256(), default_backend())
    else:
        digest = hashes.Hash(hash_algorithm, default_backend())
    digest.update(server_certificate)
    application_data = b"tls-server-end-point:" + digest.finalize()
    return kerberos.channelBindings(application_data=application_data)

Viewing API Documentation without Sphinx

Use the help function in the python interactive shell:

>>> import winkerberos
>>> help(winkerberos)

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for 10gen from gravatar.com 10gen

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: Apache Software License (Apache License )
  • Author: Bernie Hackett
  • Tags GSSAPI , Kerberos , SSPI
  • Requires: Python >=3.10
Classifiers

Release history Release notifications | RSS feed

This version

0.13.0

0.12.2

0.12.1

0.12.0

0.11.0

0.11.0rc4 pre-release

0.11.0rc3 pre-release

0.11.0rc2 pre-release

0.11.0rc1 pre-release

0.11.0.dev0 pre-release

0.10.1rc2 pre-release

0.10.0

0.9.1

0.9.0

0.8.0

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

0.2.0

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

winkerberos-0.13.0.tar.gz (35.7 kB view details)

Uploaded Source

Built Distributions

If you're not sure about the file name format, learn more about wheel file names.

winkerberos-0.13.0-cp314-cp314t-win_amd64.whl (28.7 kB view details)

Uploaded CPython 3.14tWindows x86-64

winkerberos-0.13.0-cp314-cp314t-win32.whl (26.5 kB view details)

Uploaded CPython 3.14tWindows x86

winkerberos-0.13.0-cp314-cp314-win_amd64.whl (28.5 kB view details)

Uploaded CPython 3.14Windows x86-64

winkerberos-0.13.0-cp314-cp314-win32.whl (26.2 kB view details)

Uploaded CPython 3.14Windows x86

winkerberos-0.13.0-cp313-cp313-win_amd64.whl (27.9 kB view details)

Uploaded CPython 3.13Windows x86-64

winkerberos-0.13.0-cp313-cp313-win32.whl (25.7 kB view details)

Uploaded CPython 3.13Windows x86

winkerberos-0.13.0-cp312-cp312-win_amd64.whl (27.9 kB view details)

Uploaded CPython 3.12Windows x86-64

winkerberos-0.13.0-cp312-cp312-win32.whl (25.7 kB view details)

Uploaded CPython 3.12Windows x86

winkerberos-0.13.0-cp311-cp311-win_amd64.whl (27.9 kB view details)

Uploaded CPython 3.11Windows x86-64

winkerberos-0.13.0-cp311-cp311-win32.whl (25.6 kB view details)

Uploaded CPython 3.11Windows x86

winkerberos-0.13.0-cp310-cp310-win_amd64.whl (27.9 kB view details)

Uploaded CPython 3.10Windows x86-64

winkerberos-0.13.0-cp310-cp310-win32.whl (25.6 kB view details)

Uploaded CPython 3.10Windows x86

File details

Details for the file winkerberos-0.13.0.tar.gz.

File metadata

  • Download URL: winkerberos-0.13.0.tar.gz
  • Upload date:
  • Size: 35.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for winkerberos-0.13.0.tar.gz
Algorithm Hash digest
SHA256 f3fbb67346fe8ed697e125724b0699d5c2a15b9a5f9151d25a1be88df8dac427
MD5 05d5a5aafd98768707b1c79d5074d23e
BLAKE2b-256 ca6c455f043bc28694a278125d1fc2ab7cbf0ce0953c97bbe1021f08fd19c7b8

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0.tar.gz:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp314-cp314t-win_amd64.whl.

File metadata

File hashes

Hashes for winkerberos-0.13.0-cp314-cp314t-win_amd64.whl
Algorithm Hash digest
SHA256 441884c0bda4bee0125fdbd7fee6a232dab58b4a64be8950eb17a8a7404a5440
MD5 c04ee67f97f76b938ecfdc667520296c
BLAKE2b-256 e7a6cc5f24b3f1a46a826b7e30ef56fdc1fe22315fef96de8e22afbdd5d98e7a

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp314-cp314t-win_amd64.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp314-cp314t-win32.whl.

File metadata

  • Download URL: winkerberos-0.13.0-cp314-cp314t-win32.whl
  • Upload date:
  • Size: 26.5 kB
  • Tags: CPython 3.14t, Windows x86
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for winkerberos-0.13.0-cp314-cp314t-win32.whl
Algorithm Hash digest
SHA256 5bc5e40a816d94d4a5abd665fe62088c1ee91ee9a1f5d787032a63004842fedf
MD5 acf4b6e2f43b76f3ae402117892236a8
BLAKE2b-256 29bacd8186479046b7a749cee8d4d9fd50e3ce3330d8ea611efe4b8b741f0c3b

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp314-cp314t-win32.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp314-cp314-win_amd64.whl.

File metadata

File hashes

Hashes for winkerberos-0.13.0-cp314-cp314-win_amd64.whl
Algorithm Hash digest
SHA256 5d5add54d10e31671f7c28c90ccafe98b45cec6d7519949ba30add51e34aee9a
MD5 727a781bb983029ce6485055897bc0c2
BLAKE2b-256 977c5a418e8d292e3fea1012ccf029b38fae430542fab1beaf6fc60cf138cc08

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp314-cp314-win_amd64.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp314-cp314-win32.whl.

File metadata

  • Download URL: winkerberos-0.13.0-cp314-cp314-win32.whl
  • Upload date:
  • Size: 26.2 kB
  • Tags: CPython 3.14, Windows x86
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for winkerberos-0.13.0-cp314-cp314-win32.whl
Algorithm Hash digest
SHA256 46cc29fa95744076a0dd2a167158574826509a5e4aa052b81a2b535aab4af14a
MD5 009e54dca7a1525feee78b74becb1a60
BLAKE2b-256 80d9d12d310fdf9ace70f7469ecfd9f112dc39cb7e1f77348228c06a6bd72c57

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp314-cp314-win32.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp313-cp313-win_amd64.whl.

File metadata

File hashes

Hashes for winkerberos-0.13.0-cp313-cp313-win_amd64.whl
Algorithm Hash digest
SHA256 c45e84a35a3b87b88d0e6d7b55d40712dc021f80af3cb9e81091651e6a73510d
MD5 133b4b7a3602f5053238c3d8a9514a83
BLAKE2b-256 9c26b17649b0707e4d8cd9d0d4ceadcef06eff2fc76fcb444cb187763158ae63

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp313-cp313-win_amd64.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp313-cp313-win32.whl.

File metadata

  • Download URL: winkerberos-0.13.0-cp313-cp313-win32.whl
  • Upload date:
  • Size: 25.7 kB
  • Tags: CPython 3.13, Windows x86
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for winkerberos-0.13.0-cp313-cp313-win32.whl
Algorithm Hash digest
SHA256 38fefdfc77a7f82c3cc9f83c7d1b6f242e6d3ea200bfde9b640f7dfe9fdf9bda
MD5 70539de6d6f3c93b975675dd6de98245
BLAKE2b-256 9283b1f52594cc2c3ce18c67a04aecb0cb4fb3f4769c268d194cc5f4863150fa

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp313-cp313-win32.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp312-cp312-win_amd64.whl.

File metadata

File hashes

Hashes for winkerberos-0.13.0-cp312-cp312-win_amd64.whl
Algorithm Hash digest
SHA256 59f01879c62adcda5af857fd78d2b2dfdfd99cf6179b92d38e2f2bd12db75bf7
MD5 4fb7fe50c968b7667d1b934630919c6b
BLAKE2b-256 52c2ff9074cf423d82bdfb48ac89e64f360533ba4e2079e8485be8377a8c54fe

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp312-cp312-win_amd64.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp312-cp312-win32.whl.

File metadata

  • Download URL: winkerberos-0.13.0-cp312-cp312-win32.whl
  • Upload date:
  • Size: 25.7 kB
  • Tags: CPython 3.12, Windows x86
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for winkerberos-0.13.0-cp312-cp312-win32.whl
Algorithm Hash digest
SHA256 3454b8bb9c11091e4775a8bd692dfbe45f2eab12f3a4837b820c2505088dfdd2
MD5 df99335b7a73e926b38ac8ef809fa196
BLAKE2b-256 3afa02de79d7dbec9122a6778678ed432ebffb228c48b16cfba3007c45a6e8fd

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp312-cp312-win32.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp311-cp311-win_amd64.whl.

File metadata

File hashes

Hashes for winkerberos-0.13.0-cp311-cp311-win_amd64.whl
Algorithm Hash digest
SHA256 6bc03e66a737bfd11964e6cdc5f03a8cd0baed798f991b1467075c65980c4157
MD5 e07c20d89db81b734fb3750b33d0d720
BLAKE2b-256 6e5bbafa1cfb9f047be139ffae330f6eafa0487f8bf82164ead756e0bc2bc047

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp311-cp311-win_amd64.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp311-cp311-win32.whl.

File metadata

  • Download URL: winkerberos-0.13.0-cp311-cp311-win32.whl
  • Upload date:
  • Size: 25.6 kB
  • Tags: CPython 3.11, Windows x86
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for winkerberos-0.13.0-cp311-cp311-win32.whl
Algorithm Hash digest
SHA256 a23c83854650416545000c4630e94b16fa14c7b400bd5f08a79718e04eff9135
MD5 0bc54cae9ee8ffe2ada7ed849fa94127
BLAKE2b-256 ce0905c4d2fb93f5478fd1b6146c4fa3fbb80839576a34062e5677f2dec3a430

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp311-cp311-win32.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp310-cp310-win_amd64.whl.

File metadata

File hashes

Hashes for winkerberos-0.13.0-cp310-cp310-win_amd64.whl
Algorithm Hash digest
SHA256 a1293325d69bfd75aefecde45ee1e52a0adfc29f2e19650eea9a87fddaa20b02
MD5 ee952a1b3524a667eb0d4348d38bb969
BLAKE2b-256 de909b1e787831496683c494f50e05fe08a0579e51c4d3b8bbc90d7fadbf8858

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp310-cp310-win_amd64.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file winkerberos-0.13.0-cp310-cp310-win32.whl.

File metadata

  • Download URL: winkerberos-0.13.0-cp310-cp310-win32.whl
  • Upload date:
  • Size: 25.6 kB
  • Tags: CPython 3.10, Windows x86
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for winkerberos-0.13.0-cp310-cp310-win32.whl
Algorithm Hash digest
SHA256 e6df7ab4c4e39e3e1d539b32ea20df84dc7ac32391391bf415c2a8051082051d
MD5 bc51de819ac4704415404dab58419796
BLAKE2b-256 05457199a756e3b25757cbf5986c8af040647aba24b039493eddff7950007f31

See more details on using hashes here.

Provenance

The following attestation bundles were made for winkerberos-0.13.0-cp310-cp310-win32.whl:

Publisher: release-python.yml on mongodb/winkerberos

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page