Created
February 28, 2019 14:59
-
-
Save nitmir/c82b3256e5203ebe537618cc8e0dde3a to your computer and use it in GitHub Desktop.
Django gssapi/kerberos SPNEGO auth view
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import base64 | |
| import gssapi | |
| from django.http import HttpResponse | |
| FQDN = socket.getfqdn() | |
| REALM = "EXAMPLE.COM" | |
| server_name = gssapi.Name('http/%s@%s' % (FQDN, REALM)) | |
| server_creds = gssapi.Credentials(usage='accept', name=server_name) | |
| def testauth(request): | |
| auth_header = request.META.get('HTTP_AUTHORIZATION', None) | |
| if auth_header is None or not auth_header.startswith('Negotiate '): | |
| print("Missing auth: '%s'" % auth_header) | |
| response = HttpResponse('Unauthorized', status=401) | |
| response['WWW-Authenticate'] = 'Negotiate ' | |
| return response | |
| else: | |
| tok = base64.b64decode(auth_header[len('Negotiate '):]) | |
| ctx = gssapi.SecurityContext(creds=server_creds, usage='accept') | |
| server_tok = ctx.step(tok) | |
| b64tok = base64.b64encode(server_tok) | |
| print('Done: %s' % ctx.complete) | |
| if ctx.complete: | |
| response = HttpResponse('Hello %s' % (ctx.initiator_name,)) | |
| else: | |
| response = HttpResponse('Unauthorized', status=401) | |
| response['WWW-Authenticate'] = 'Negotiate ' + b64tok.decode('ascii') | |
| return response |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment