Hello, I've encountered some issues while attempting to authenticate using the winkerberos library as a client. After reviewing the current documentation for the winkerberos library, I find myself somewhat at a loss on how to proceed.
I have set up a principal nginx/kerberos.example.com@EXAMPLE.COM on the KDC and obtained the corresponding keytab file. Could you guide me on how to properly pass parameters for authentication? I attempted to use the given example code, inputting the service as nginx/kerberos.example.com and the principal as nginx/kerberos.example.com@EXAMPLE.COM, but the execution resulted in an exception displaying garbled characters.
program output:
Traceback (most recent call last):
File "D:\tmp\kerb5\test.py", line 50, in <module>
authenticate_kerberos("nginx/kerberos.msxftest.com", "", "nginx/kerberos.msxftest.com@HADOOP.COM")
File "D:\tmp\kerb5\test.py", line 21, in authenticate_kerberos
status = kerberos.authGSSClientStep(ctx, "")
winkerberos.GSSError: SSPI: InitializeSecurityContext: ��Ϊ������֤��䷢����ȡ����ϵ��example code:
import winkerberos as kerberos
def send_response_and_receive_challenge(response):
# Your server communication code here...
pass
def authenticate_kerberos(service, user, principal, channel_bindings=None):
# Initialize the context object with a service principal.
status, ctx = kerberos.authGSSClientInit(service, principal=principal)
print("xxxxxxxxxxx", status)
# GSSAPI is a "client goes first" SASL mechanism. Send the
# first "response" to the server and receive its first
# challenge.
if channel_bindings is not None:
status = kerberos.authGSSClientStep(ctx, "", channel_bindings=channel_bindings)
else:
status = kerberos.authGSSClientStep(ctx, "")
response = kerberos.authGSSClientResponse(ctx)
challenge = send_response_and_receive_challenge(response)
# Keep processing challenges and sending responses until
# authGSSClientStep reports AUTH_GSS_COMPLETE.
while status == kerberos.AUTH_GSS_CONTINUE:
if channel_bindings is not None:
status = kerberos.authGSSClientStep(
ctx, challenge, channel_bindings=channel_bindings
)
else:
status = kerberos.authGSSClientStep(ctx, challenge)
response = kerberos.authGSSClientResponse(ctx) or ""
challenge = send_response_and_receive_challenge(response)
# Decrypt the server's last challenge
kerberos.authGSSClientUnwrap(ctx, challenge)
data = kerberos.authGSSClientResponse(ctx)
# Encrypt a response including the user principal to authorize.
kerberos.authGSSClientWrap(ctx, data, user)
response = kerberos.authGSSClientResponse(ctx)
# Complete authentication.
send_response_and_receive_challenge(response)
if __name__ == '__main__':
authenticate_kerberos("nginx/kerberos.example.com", "", "nginx/kerberos.example.com@EXAMPLE.COM")
Hello, I've encountered some issues while attempting to authenticate using the winkerberos library as a client. After reviewing the current documentation for the winkerberos library, I find myself somewhat at a loss on how to proceed.
I have set up a principal
nginx/kerberos.example.com@EXAMPLE.COMon the KDC and obtained the corresponding keytab file. Could you guide me on how to properly pass parameters for authentication? I attempted to use the given example code, inputting the service asnginx/kerberos.example.comand the principal asnginx/kerberos.example.com@EXAMPLE.COM, but the execution resulted in an exception displaying garbled characters.program output:
example code: