1

This is my first experience trying to connect to an API through python (from windows) using Kerberos authentication. I have been working on it for a few days and my progress has stalled. Here are just a few of the references I have been using:

This is the best tutorial I have found, but it appears to be using a deprecated module rather than the requests_kerberos: http://python-notes.curiousefficiency.org/en/latest/python_kerberos.html

https://pypi.org/project/requests-kerberos/

https://programtalk.com/python-examples/requests_kerberos.HTTPKerberosAuth/

Here is what I have tried so far(I will be masking sensitive information):

import requests
from requests_kerberos import HTTPKerberosAuth
r=requests.get("https://apiServer.hadoop.company.com:23232/templeton/v1/ddl/database/",auth=HTTPSKerberosAuth)

Here is some output:

r.status_code

401

r.headers

{'Content-Length': '1321', 'Set-Cookie': 'hadoop.auth=; Path=/; HttpOnly', 'Server': 'Jetty(7.6.0.v20120127)', 'Cache-Control': 'must-revalidate,no-cache,no-store', 'Content-Type': 'text/html;charset=ISO-8859-1', 'WWW-Authenticate': 'Negotiate'}

r.text

<html>\n<head>\n<meta http-equiv="Content-Type" 
content="text/html;charset=ISO
-8859-1"/>\n<title>Error 401 Authentication 
required</title>\n</head>\n<body>\n<
h2>HTTP ERROR: 401</h2>\n<p>Problem accessing /templeton/v1/ddl/database/. 
Reason:\n<pre>    Authentication required</pre></p>\n<hr /><i><small>Powered 
by Jetty://</small></i>

Does any of this output at least indicate that the server is getting my request?

If I connect to the API from our linux environment using curl it works just fine and I receive the expected output:

curl --negotiate -i -u :  'http://apiServer.hadoop.company.com:23232/templeton/v1/ddl/database/'

HTTP/1.1 401 Authentication required WWW-Authenticate: Negotiate Set-Cookie: hadoop.auth=; Path=/; HttpOnly Cache-Control: must-revalidate,no-cache,no-store Content-Type: text/html;charset=ISO-8859-1 Content-Length: 1321 Server: Jetty(7.6.0.v20230127)

HTTP/1.1 200 OK WWW-Authenticate: Negotiate YGY1cwVaADAgCAQ+iSTBHoAMCAReiQAQ+sf/nekePw09B/cboDrINa7qn+aENRuw2V+OW7Y7Rk9pOwGa8hrXC3rXKxCk= Set-Cookie: hadoop.auth="u=svc-qa-dsafqa-dev&p=svc-fd-itdflea-dev@hadoop.company.com&t=kerberos&e=15392343251&s=nWk/bFDbHQfsadfewe8PtjAsVHs="; Path=/; HttpOnly Content-Type: application/json Transfer-Encoding: chunked Server: Jetty(7.6.0.v20120127)

I realize that there is a gap in my fundamental understanding of kerberos authentication and I'm trying to bring to do a crash course, but I really just need to be able to connect to this api. Any help is greatly appreciated.

Community
  • 1
  • 1
Dr.Tautology
  • 416
  • 1
  • 8
  • 19
  • Google for `SPNego` -- that's the standard way _(promoted by Microsoft)_ to implement SSO with Kerberos. Hopefully, you will find a somewhat reputable and maintained Python module that supports SPNego. Good luck _(as you can guess I'm not a bit fan of Pytoyable)_ – Samson Scharfrichter Oct 09 '18 at 18:27

1 Answers1

0

You need to provide an instance of HTTPSKerberosAuth rather than the class itself, so your request should be:

r = requests.get("https://apiServer.com", auth=HTTPSKerberosAuth())

Note the parentheses in HTTPSKerberosAuth().

mart1n
  • 5,969
  • 5
  • 46
  • 83