kerberos高级windows接口
kerberos-sspi的Python项目详细描述
kerberos sspi
这个python包是api级别的,相当于kerberos python 但是它没有使用mit krb5包,而是使用windows SSPI功能。允许您的服务器和/或客户端使用 在windows下运行的kerberos包 kerberos sspi而不是kerberos包。
(如果将python与cygwin结合使用,那么您可能只需要使用原始的 带有编译的mit kerberos包的kerberos包。)
如何使用
下面是一个示例:
try:importkerberosaskexcept:importkerberos_sspiaskfrombase64importencodestring,decodestringflags=k.GSS_C_CONF_FLAG|k.GSS_C_INTEG_FLAG|k.GSS_C_MUTUAL_FLAG|k.GSS_C_SEQUENCE_FLAGerrc,client=k.authGSSClientInit("test@vm-win7-kraemer",gssflags=flags)# to run a kerberos enabled server under my account i do as domain admin:# setspn -A test/vm-win7-kraemer MYDOMAIN\kraemer# (might have to wait a few minutes before all DCs in active directory pick it up)errs,server=k.authGSSServerInit("test@vm-win7-kraemer")cres=sres=k.AUTH_GSS_CONTINUEresponse=""round=0whilesres==k.AUTH_GSS_CONTINUEorcres==k.AUTH_GSS_CONTINUE:ifcres==k.AUTH_GSS_CONTINUE:cres=k.authGSSClientStep(client,response)ifcres==-1:print("clientstep error")breakresponse=k.authGSSClientResponse(client)ifsres==k.AUTH_GSS_CONTINUE:sres=k.authGSSServerStep(server,response)ifsres==-1:print("serverstep error")breakresponse=k.authGSSServerResponse(server)print("round:",round)print("server status :",sres)print("client status :",cres)round+=1ifsres==k.AUTH_GSS_COMPLETEandcres==k.AUTH_GSS_COMPLETE:print("client: my username:",k.authGSSClientUserName(client))print("server: who authenticated to me:",k.authGSSServerUserName(server))print("server: my spn:",k.authGSSServerTargetName(server))else:print("failed!")
什么不起作用
方法:
- 更改密码
- 获取服务器原理细节
未实现并引发异常
标志:
- GSS_c_anon_标志
- GSS_c_prot_ready_标志
- GSS_c_trans_标志
不支持(也未定义,因此访问它们将 也抛出一个异常)。为什么?我找不到相应的 这些标志的ISC要求…