deshaw / flask-kerberos Goto Github PK
View Code? Open in Web Editor NEWKerberos Authentication for Flask
License: BSD 3-Clause "New" or "Revised" License
Kerberos Authentication for Flask
License: BSD 3-Clause "New" or "Revised" License
The kerberos
package provided by the ccs-pykerberos project was archived in February and is no longer maintained.
Should this project adopt an alternative library?
Installing collected packages: kerberos, flask-kerberos
Running setup.py install for kerberos ... error
Complete output from command /usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-jbd2n90x/kerberos/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-3as0bn5c/install-record.txt --single-version-externally-managed --compile:
running install
running build
running build_ext
building 'kerberos' extension
creating build
creating build/temp.linux-x86_64-3.5
creating build/temp.linux-x86_64-3.5/src
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -I/usr/include/python3.5m -c src/base64.c -o build/temp.linux-x86_64-3.5/src/base64.o /bin/sh: 1: krb5-config: not found
x86_64-linux-gnu-gcc: error: /bin/sh:: No such file or directory
x86_64-linux-gnu-gcc: error: 1:: No such file or directory
x86_64-linux-gnu-gcc: error: krb5-config:: No such file or directory
x86_64-linux-gnu-gcc: error: not: No such file or directory
x86_64-linux-gnu-gcc: error: found: No such file or directory
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/usr/bin/python3 -u -c "import setuptools, tokenize;file='/tmp/pip-install-jbd2n90x/kerberos/setup.py';f=getattr(tokenize, 'open', open)(file);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, file, 'exec'))" install --record /tmp/pip-record-3as0bn5c/install-record.txt --single-version-externally-managed --compile" failed with error code 1 in /tmp/pip-install-jbd2n90x/kerberos/
hello
i had sudo apt-get install gcc, python3-dev, but not success pip3 install flask-kerberos, i used on ubuntu16.10 ,please help
I am trying to run the example provided in https://github.com/deshaw/flask-kerberos/tree/master/example.
Here is the content of my 'example.py' file
from flask import Flask
from flask import render_template
from flask_kerberos import init_kerberos
from flask_kerberos import requires_authentication
from config import Config
app = Flask(__name__)
app.config.from_object(Config)
@app.route("/")
@requires_authentication
def index(user):
return render_template('index.html', user=user)
if __name__ == '__main__':
init_kerberos(app)
app.run()
and here is a 'config.py'
import os
import base64
from dotenv import load_dotenv
basedir = os.path.abspath(os.path.dirname(__file__))
load_dotenv(os.path.join(basedir, '.flaskenv'))
class Config(object):
# Setup Secret Key for Application
SECRET_KEY = os.environ.get('SECRET_KEY') or str(base64.b64encode('you-will-never-guess'.encode("utf-8")))
# Location of the keytab file
KRB5_KTNAME = "K000007.keytab"
When start the Flask via flask run
I am getting the following error in CMD:
(venv) Server@Me:~/.../flask_kerberos_example$ flask run
* Serving Flask app "example.py" (lazy loading)
* Environment: development
* Debug mode: on
* Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
* Restarting with stat
* Debugger is active!
* Debugger PIN: 603-674-916
a.b.c.d - - [23/Jun/2021 08:47:51] "GET / HTTP/1.1" 401 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET / HTTP/1.1" 500 -
Traceback (most recent call last):
File "/venv/lib/python3.7/site-packages/flask/app.py", line 2464, in __call__
return self.wsgi_app(environ, start_response)
File "/venv/lib/python3.7/site-packages/flask/app.py", line 2450, in wsgi_app
response = self.handle_exception(e)
File "/venv/lib/python3.7/site-packages/flask/app.py", line 1867, in handle_exception
reraise(exc_type, exc_value, tb)
File "/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/venv/lib/python3.7/site-packages/flask/app.py", line 2447, in wsgi_app
response = self.full_dispatch_request()
File "/venv/lib/python3.7/site-packages/flask/app.py", line 1952, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/venv/lib/python3.7/site-packages/flask/app.py", line 1821, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
raise value
File "/venv/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
rv = self.dispatch_request()
File "/venv/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "/venv/lib/python3.7/site-packages/flask_kerberos.py", line 106, in decorated
rc = _gssapi_authenticate(token)
File "/venv/lib/python3.7/site-packages/flask_kerberos.py", line 70, in _gssapi_authenticate
rc, state = kerberos.authGSSServerInit(_SERVICE_NAME)
TypeError: argument 1 must be str, not None
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=style.css HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=debugger.js HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=jquery.js HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
a.b.c.d - - [23/Jun/2021 08:47:51] "GET /?__debugger__=yes&cmd=resource&f=console.png HTTP/1.1" 200 -
What can actually be a problem? How to resolve this?
Hello,
Flask uses heavy use of python's logging module, probably would be a good idea to also use it in flask-kerberos.
The _gssapi_authenticate call is completely swallowing diagnostic messages. When something is not working, all we're getting is a 401/403, without any traces or what the hack is going on. The kerberos.GSSError exception contains quite a bit of useful information, which is not being used, but swallowed by a None return. Also, when the nit is failing or anything is happening, there should be logging statements all around the place, with ERROR/WARN levels.
Please improve the library with proper error message propagation. Make it sysadmin friendly.
I want to allow specific views only to "Admins" and would like the auth mechanism to be kerberos.
Flask-Kerberos code constructs a service name like this:
flask_kerberos.py:
_SERVICE_NAME = "%s@%s" % (service, hostname)
in flask_kerberos.py. But the code in server_principal_details
called from kerberos.getServerPrincipalDetails(service, hostname)
which is called from init_kerberos()
constructs the service name like this:
kerberos-1.2.5/src/kerberosgss.c:
char* server_principal_details(const char* service, const char* hostname)
{
// ...
snprintf(match, 1024, "%s/%s@", service, hostname);
Flask-Kerberos (1.0.4)
kerberos (1.2.5)
I've noticed that kerberos.getServerPrincipalDetails
raises a 'Principal not found in keytab' exception if the FQDN is not used for the 'hostname' argument. I think it would be better to use socket.getfqdn
as the default value in init_kerberos
instead of socket.gethostname
.
Hello,
Please switch to using the .format string method, instead of formatting strings with the old % method. Currently the source is not much python3 friendly, and this one seems like a low hanging fruit.
Thanks
See https://github.com/mkomitee/flask-kerberos/blob/master/flask_kerberos.py#L35
The "Exception" class has dropped the "message" attribute at least since Python 3.4. Better to replace it with the "args" method.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.