0

I'm creating a windows web service (REST) that is calling an app in pyhon subprocess. I'd like to execute that app with caller's credentials i.e. implement a impersonation with kerberos in that service. Have read many articles but haven't found anything helpful, can you please advise whether it's even possible and how?

Thanks

stampOnd
  • 1
  • 1
  • Welcome. Yes what you're asking for is generally possible, using Kerberos delegation, or alternatively constrained delegation (also known as S4U extensions.) I'm not sure how you go about it in Windows, however. I've used python-gssapi on linux, but I am not sure if that works on Windows. Also, you haven't said which language/platform your REST service will be written in. You'll probably have more luck with more specific questions. – John B Feb 27 '19 at 14:38
  • Hi John, thank you for comment. I am basically reading about the actual possibility in Windows, but no specific hints. I tried winkerberos, kerberos_sspi or win32security but never managed to make it working. My REST api is written in python and wrapped by nssm as Windows service that calls another python app on that server. And I need to call that app on user's behalf – stampOnd Feb 27 '19 at 20:24
  • @stampOnd Have you ever resolved this problem? I am trying to figure out how to update the remote user's AD attributes (such as phone numbers) in Active Directory through a python flask application using impersonation/delegation. – moosearch Mar 19 '21 at 00:17

0 Answers0