 

How to set up a connection with Kerberos in Python application?

I have a task to create SSO (single sign-on) authorization in a Python backend application with the help of Kerberos and Active Directory.

In other words, the frontend application makes an AJAX GET request to a specific URL of the backend application. That backend application must return information about the employee in JSON format.

What I have done so far:

1) SPN name for the backend application was created in Active Directory.

2) krb5.keytab file for the backend application was created.

3) Active Directory and the Kerberos server are located on a remote Windows server.

4) The backend application would be in a Linux Docker container.

5) I installed the Kerberos client in the Docker container.

6) Kerberos Realm: SERVICE.LOCAL.

7) Hostname for the KDC Server: CS001, CS002, CS003.

Have you ever seen any implementations of the above process in Python? I will be grateful for any help.

Nurzhan Nogerbek asked Sep 10 '25 14:09


1 Answer

You have 2 ways to handle this:

  1. Handle it directly in Python
  2. Handle it in a proxy such as Apache or nginx

Pure Python Solution

If you don't have a proxy or just want to handle it in Python anyway, I recommend using the python-gssapi library. Here's a code sample. There are other Python bindings but from my reading, this one seems to be the most complete.

Note, if you handle it this way, your Python server will probably need to be able to respect the keep-alive header (i.e. re-use the same connection for multiple requests). This isn't strictly part of the SPNEGO protocol, but most browsers seem to require that the server implements it.

Proxy Solution

If you're using Apache, there's a mod_auth_kerb module you can use which is well documented. There's also a mod_auth_gssapi which provides similar functionality.

For nginx, there's a similar module available.

With any of these proxy solutions, the idea is that the proxy handles Kerberos auth, and sets the REMOTE_USER env variable for your Python app. So your Python app needs to be able to accept this variable as an authenticated user. Django has middleware specifically for that purpose - I'm not sure about Flask (I mention these 2 frameworks because they're in your question's tags).

John B answered Sep 12 '25 04:09
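A sketch of the server side of the SPNEGO exchange from the "Pure Python Solution" above, added here as an example and not code from the answer or from python-gssapi. The names `negotiate` and `accept` are hypothetical; the realm default is the one given in the question, and the keytab is assumed to be found through `KRB5_KTNAME` or the system default path.

```python
import base64


def _accept_with_gssapi(token):
    """Accept one SPNEGO token with python-gssapi; returns (reply, principal)."""
    import gssapi  # imported lazily so the header logic runs without it

    # Acceptor credentials are read from the keytab (KRB5_KTNAME or default).
    creds = gssapi.Credentials(usage="accept")
    ctx = gssapi.SecurityContext(creds=creds, usage="accept")
    reply = ctx.step(token)
    # Assumption: single-leg exchange; an incomplete context yields no principal.
    return reply, (str(ctx.initiator_name) if ctx.complete else None)


def negotiate(authorization, accept=_accept_with_gssapi, realm="SERVICE.LOCAL"):
    """Return (status, extra_headers, principal) for one HTTP request."""
    challenge = (401, [("WWW-Authenticate", "Negotiate")], None)
    scheme, _, value = (authorization or "").partition(" ")
    if scheme.lower() != "negotiate" or not value.strip():
        return challenge  # no token yet: ask the browser to start SPNEGO
    try:
        token = base64.b64decode(value.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return challenge
    try:
        reply, principal = accept(token)
    except Exception:  # fail closed on any ticket or keytab error
        return challenge
    if not principal:
        return challenge
    # Reject tickets issued for any realm other than the expected one.
    if not principal.endswith("@" + realm):
        return (403, [], None)
    headers = []
    if reply:  # mutual-authentication token to hand back to the client
        headers.append(("WWW-Authenticate",
                        "Negotiate " + base64.b64encode(reply).decode("ascii")))
    return (200, headers, principal)
```

Call `negotiate(request.headers.get("Authorization"))` from the request handler and send the returned status and headers; the returned principal is the authenticated user to look up in Active Directory.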