Flask-Kerberos yields different results when running the code via "flask run" and with Vim

Question

Simply saying there is a Flask App based on the Flask-Kerberos example with a valid keytab file (os.environ['KRB5_KTNAME']='/path/to/file.keytab').

This is a working tree of my project:

flask_kerberos_example\
    static\
        style.css
    templates\
        index.html
    example_pure.py
    config.py
    .flaskenv

Here is the content of 'example_pure.py' file:

from flask import Flask
from flask import render_template
from flask_kerberos import init_kerberos
from flask_kerberos import requires_authentication
from config import Config

app = Flask(__name__)
app.config.from_object(Config)

@app.route("/")
@requires_authentication
def index(user):
    return render_template('index.html', user=user)

if __name__ == '__main__':
    init_kerberos(app, hostname='Server.l.s.d')
    app.run(host="0.0.0.0", port=5000)

here is a 'config.py'

import os
import base64
from dotenv import load_dotenv

basedir = os.path.abspath(os.path.dirname(__file__))
load_dotenv(os.path.join(basedir, '.flaskenv'))

class Config(object):

    # Setup Secret Key for Application
    SECRET_KEY = os.environ.get('SECRET_KEY') or str(base64.b64encode('you-will-never-guess'.encode("utf-8")))

and here is a '.flaskenv'

FLASK_APP="example_pure.py"
FLASK_RUN_HOST="0.0.0.0"
FLASK_RUN_PORT=5000

when I execute this code via vim with F9 I am getting the desired output

Browser (http://Server.l.s.d:5000/)

Flask Kerberos Example

It worked, I think you are username@L.S.D

CMD

(venv) User@Server:~/.../flask_kerberos_example$ vim

 * Serving Flask app "example_pure" (lazy loading)
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
a.b.c.d - - [08/Jul/2021 09:35:19] "GET / HTTP/1.1" 401 -
a.b.c.d - - [08/Jul/2021 09:35:19] "GET / HTTP/1.1" 200 -
a.b.c.d - - [08/Jul/2021 09:35:19] "GET /static/style.css HTTP/1.1" 304 -

However, when I start the Flask applciation with flask run I don't see exactly the same result.

Browser (http://Server.l.s.d:5000/)

Internal Server Error

The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application.

CMD

(venv) User@Server:~/.../flask_kerberos_example$ flask run

 * Serving Flask app "example_pure.py"
 * Environment: production
   WARNING: This is a development server. Do not use it in a production deployment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on http://0.0.0.0:5000/ (Press CTRL+C to quit)
a.b.c.d - - [08/Jul/2021 09:37:28] "GET / HTTP/1.1" 401 -
[2021-07-08 09:37:28,023] ERROR in app: Exception on / [GET]
Traceback (most recent call last):
  File "/home/user/venv/lib/python3.7/site-packages/flask/app.py", line 2447, in wsgi_app
    response = self.full_dispatch_request()
  File "/home/user/venv/lib/python3.7/site-packages/flask/app.py", line 1952, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/home/user/venv/lib/python3.7/site-packages/flask/app.py", line 1821, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/home/user/venv/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/home/user/venv/lib/python3.7/site-packages/flask/app.py", line 1950, in full_dispatch_request
    rv = self.dispatch_request()
  File "/home/user/venv/lib/python3.7/site-packages/flask/app.py", line 1936, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/home/user/venv/lib/python3.7/site-packages/flask_kerberos.py", line 106, in decorated
    rc = _gssapi_authenticate(token)
  File "/home/user/venv/lib/python3.7/site-packages/flask_kerberos.py", line 70, in _gssapi_authenticate
    rc, state = kerberos.authGSSServerInit(_SERVICE_NAME)
TypeError: argument 1 must be str, not None
a.b.c.d - - [08/Jul/2021 09:37:28] "GET / HTTP/1.1" 500 -

As I can see that Flask scolds about the _SERVICE_NAME variable. I do not understand if I have to set it either in '.flaskenv' or 'config.py', do not I? It looks like this problem partially overlaps with my previous question: "TypeError: argument 1 must be str, not None" when running Flask-Kerberos

Can somebody explain to me what could a problem and why am I getting different results?

Answer 1

When you use flask run, it imports your app as a module, therefore __name__ will not be equal to "__main__", therefore init_kerberos() never gets called and never sets the _SERVICE_NAME global within flask-kerberos.

Also, generally, I would suggest switching to flask-gssapi, both because it is written in a cleaner manner and does not rely on global state, and because it is based on python-gssapi instead of the old & nearly unmaintained pykerberos.