
How do I connect to a kerberos authenticated REST service in Python on Windows

I am trying to create a very simple Python script to download the contents of an internal service at my company that sits within our firewall and authenticates using kerberos.

When I installed the requests_kerberos module I first edited the import kerberos in it to use import kerberos_sspi as kerberos instead after having installed the kerberos_sspi module.

Thus I have the following Python script

    import requests
    from requests_kerberos import HTTPKerberosAuth

    response = requests.get('http://service.internaldomain', auth=HTTPKerberosAuth())

    print(response)

While trying to process the 401 it crashes out with the error.

error: (-2146893053, 'InitializeSecurityContext', 'The specified target is unknown or unreachable')

While looking into whether I could do this with curl instead, I ran kinit and noticed that it asked me for the password to authorise with the following prompt:

Password for username@additionalInternalDomain.internaldomain

Thus I wondered if this might be what is causing the issue.

I have tried multiple libraries in Python and failed when trying to authenticate from a Windows machine. There is no easy way. The Kerberos libraries mainly work on Linux. The workarounds for Windows do not work. So what can be the solution to this? Well... be a Roman while in Rome. Try the Windows native libraries from Python.

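    import clr

    # Load the .NET assembly before importing from it (pythonnet).
    clr.AddReference("System.Net.Http")
    from System.Net.Http import HttpClient, HttpClientHandler

    # Authenticate as the logged-in Windows user.
    myClienthandler = HttpClientHandler()
    myClienthandler.UseDefaultCredentials = True
    myClient = HttpClient(myClienthandler)
    x = myClient.GetStringAsync("putyourURLwithinthequoteshere")
    myresult = x.Result  # blocks until the request completes
    print(myresult)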

Note that this Python script will have to be run by the user who has access to the URL you are trying to access. By setting the UseDefaultCredentials property to True, you are passing the Kerberos tickets for the logged-in user.

The server is giving you a 401 challenge, and the client (usually a browser or even curl) provides the credentials in a subsequent call. If you are already logged in at your domain, try forcing a pre-emptive hop, i.e. you'd carry your Kerberos ticket with your call and the server will not give you a 401 challenge:

    kerberos_auth = HTTPKerberosAuth(force_preemptive=True)
    r = requests.get("http://myhost/DXAPIGraphQL/api/graphql", auth=kerberos_auth)

If the above doesn't help, look into the principal and hostname_override arguments of the HTTPKerberosAuth class.

I had to connect to a REST API that's in a kerberized environment just now.

After some reading, I came to this (and it worked):

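    import requests

    tk = 'long_kerberos_token'  # base64-encoded token
    # The scheme name and the token must be separated by a space.
    headers = {'Authorization': 'Negotiate ' + tk}
    r = requests.get(url=PING_URL, headers=headers)  # PING_URL: the service URL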
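A small offline diagnostic for the 401/Negotiate exchange discussed in the answers above, as an added example that is not code from any of the posters. It converts the SSPI error number from the question to its HRESULT form (0x80090303, SEC_E_TARGET_UNKNOWN), lists the schemes a 401 offers, and checks whether an `Authorization: Negotiate` value carries a Kerberos token or an NTLM fallback; the function names and sample tokens are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs that appear near the start of a GSS-API token.
KRB5_OID = bytes.fromhex("06092a864886f712010202")  # 1.2.840.113554.1.2.2
SPNEGO_OID = bytes.fromhex("06062b0601050502")      # 1.3.6.1.5.5.2

def hresult_hex(code):
    """Signed SSPI status, as pywin32 reports it, to an unsigned HRESULT."""
    return "0x%08X" % (code & 0xFFFFFFFF)

def offered_schemes(www_authenticate):
    """Scheme names in a WWW-Authenticate value. Simple split that assumes
    no commas inside quoted parameters."""
    schemes = []
    for part in www_authenticate.split(","):
        words = part.split()
        if words and "=" not in words[0]:
            schemes.append(words[0].lower())
    return schemes

def classify_authorization(value):
    """Heuristically label an Authorization header value as 'not-negotiate',
    'malformed', 'ntlm', 'kerberos', 'spnego-other' or 'unknown'."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "negotiate":
        return "not-negotiate"  # also hit when the space after the scheme is missing
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:
        return "malformed"
    if not raw:
        return "malformed"
    if raw.startswith(b"NTLMSSP\x00"):
        return "ntlm"  # NTLM fallback: no Kerberos ticket was used
    if raw[0] == 0x60 and KRB5_OID in raw[:64]:
        return "kerberos"
    if raw[0] == 0x60 and SPNEGO_OID in raw[:64]:
        return "spnego-other"
    return "unknown"

# Constructed sample tokens (token prefixes only, not valid tickets).
SAMPLE_KRB = base64.b64encode(
    b"\x60\x82\x01\x00" + SPNEGO_OID + b"\xa0\x30" + KRB5_OID + b"\x00" * 8).decode()
SAMPLE_NTLM = base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode()

if __name__ == "__main__":
    print(hresult_hex(-2146893053))  # the question's error code
    print(offered_schemes('Negotiate, NTLM, Basic realm="internal"'))
    print(classify_authorization("Negotiate " + SAMPLE_KRB))
    print(classify_authorization("Negotiate " + SAMPLE_NTLM))
```

An "ntlm" result on a service that should be Kerberos-only usually means the client could not obtain a ticket for the service's SPN and fell back silently.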
