kerberos with urllib2 proof of concept
Tim Olsen
tim at brooklynpenguin.com
Tue Jun 24 16:28:06 CDT 2008
I'm turning the proof of concept into a library to use with urllib2.
I've put up a mercurial repository at
http://limedav.com/hg/urllib2_kerberos/
After further thought, I've decided that creating a plugin should not
be too hard after that, considering that one can just add the kerberos
handler to the default OpenerDirector
Cheers,
Tim
On Tue, 24 Jun 2008 15:43:10 -0400
Tim Olsen <tim at brooklynpenguin.com> wrote:
> Martin Scholl inquired a few months ago whether kerberos HTTP
> authentication support was planned [1]. Ezra Smith had replied back
> that he had tried to do NTLM authentication (which also uses
> Negotiate) but couldn't get it to work using urllib2 because it
> required a persistent connection [2].
>
> I have succeeded in authenticating to a kerberized HTTP server using
> urllib2 and the pykerberos library from Apple [3, 4]. A proof of
> concept script is attached. To run it, pass the kerberos-protected
> url you would like to fetch as a command-line argument to the script.
>
> It appears that unlike NTLM authentication, kerberos only requires one
> 401 response before giving back a 200. That may be a reason that
> kerberos auth is possible with urllib2, but NTLM is not.
>
> I'm going to see now if I can write a plugin to add kerberos support
> to mercurial. I'm fairly new to python so it could take me a
> while ;-)
>
> Cheers,
> Tim
>
> [1] http://selenic.com/pipermail/mercurial/2008-March/018191.html
> [2] http://selenic.com/pipermail/mercurial/2008-March/018217.html
> [3] http://trac.calendarserver.org/browser/PyKerberos/trunk
> [4] http://packages.debian.org/search?keywords=python-kerberos
More information about the Mercurial
mailing list