kerberos with urllib2 proof of concept

Trygve Laugstøl trygvis at inamo.no
Tue Jun 24 17:35:45 CDT 2008


Tim Olsen wrote:
> I'm turning the proof of concept into a library to use with urllib2.
> I've put up a mercurial repository at
> http://limedav.com/hg/urllib2_kerberos/
> 
> After further thought, I've decided that creating a plugin should not
> be too hard after that, considering that one can just add the kerberos
> handler to the default OpenerDirector

Wow, this is great! Now I can have both Mercurial over HTTP *and* not 
having to type the passord every time!

Solaris and Mac both have the kerberos command line tools (kinit and 
klist), but how would windows clients authenticate? Is there something 
similiar to kinit in windows?

--
Trygve

> Cheers,
> Tim
> 
> On Tue, 24 Jun 2008 15:43:10 -0400
> Tim Olsen <tim at brooklynpenguin.com> wrote:
> 
>> Martin Scholl inquired a few months ago whether kerberos HTTP
>> authentication support was planned [1].  Ezra Smith had replied back
>> that he had tried to do NTLM authentication (which also uses
>> Negotiate) but couldn't get it to work using urllib2 because it
>> required a persistent connection [2].
>>
>> I have succeeded in authenticating to a kerberized HTTP server using
>> urllib2 and the pykerberos library from Apple [3, 4].  A proof of
>> concept script is attached.  To run it, pass the kerberos-protected
>> url you would like to fetch as a command-line argument to the script.
>>
>> It appears that unlike NTLM authentication, kerberos only requires one
>> 401 response before giving back a 200.  That may be a reason that
>> kerberos auth is possible with urllib2, but NTLM is not.
>>
>> I'm going to see now if I can write a plugin to add kerberos support
>> to mercurial.  I'm fairly new to python so it could take me a
>> while ;-)
>>
>> Cheers,
>> Tim
>>
>> [1] http://selenic.com/pipermail/mercurial/2008-March/018191.html
>> [2] http://selenic.com/pipermail/mercurial/2008-March/018217.html
>> [3] http://trac.calendarserver.org/browser/PyKerberos/trunk
>> [4] http://packages.debian.org/search?keywords=python-kerberos
> _______________________________________________
> Mercurial mailing list
> Mercurial at selenic.com
> http://selenic.com/mailman/listinfo/mercurial



More information about the Mercurial mailing list