@@ -3,7 +3,15 @@ requests GSSAPI authentication library
33
44Requests is an HTTP library, written in Python, for human beings. This library
55adds optional GSSAPI authentication support and supports mutual
6- authentication. Basic GET usage:
6+ authentication.
7+
8+ It provides a fully backward-compatible shim for the old
9+ python-requests-kerberos library: simply replace ``import requests_kerberos ``
10+ with ``import requests_gssapi ``. A more powerful interface is provided by the
11+ HTTPSPNEGOAuth component, but this is of course not guaranteed to be
12+ compatible. Documentation below is written toward the new interface.
13+
14+ Basic GET usage:
715
816
917.. code-block :: python
@@ -77,8 +85,8 @@ authentication, you can do that as well:
7785 >> > r = requests.get(" http://example.org" auth = gssapi_auth)
7886 ...
7987
80- Preemptive Authentication
81- -------------------------
88+ Opportunistic Authentication
89+ ----------------------------
8290
8391``HTTPSPNEGOAuth `` can be forced to preemptively initiate the GSSAPI
8492exchange and present a token on the initial request (and all
@@ -87,13 +95,13 @@ subsequent). By default, authentication only occurs after a
8795is received from the origin server. This can cause mutual authentication
8896failures for hosts that use a persistent connection (eg, Windows/WinRM), as
8997no GSSAPI challenges are sent after the initial auth handshake. This
90- behavior can be altered by setting ``force_preemptive =True
98+ behavior can be altered by setting ``opportunistic_auth =True
9199
92100.. code-block :: python
93101
94102 >> > import requests
95103 >> > from requests_gssapi import HTTPSPNEGOAuth, REQUIRED
96- >> > gssapi_auth = HTTPSPNEGOAuth(mutual_authentication = REQUIRED , force_preemptive = True )
104+ >> > gssapi_auth = HTTPSPNEGOAuth(mutual_authentication = REQUIRED , opportunistic_authentication = True )
97105 >> > r = requests.get(" https://windows.example.org/wsman" auth = gssapi_auth)
98106 ...
99107
@@ -103,31 +111,30 @@ Hostname Override
103111If communicating with a host whose DNS name doesn't match its
104112hostname (eg, behind a content switch or load balancer),
105113the hostname used for the GSSAPI exchange can be overridden by
106- setting the `` hostname_override `` arg :
114+ passing in a custom name (string or `` gssapi.Name ``) :
107115
108116.. code-block :: python
109117
110118 >> > import requests
111119 >> > from requests_gssapi import HTTPSPNEGOAuth, REQUIRED
112- >> > gssapi_auth = HTTPSPNEGOAuth(hostname_override = " internalhost.local"
120+ >> > gssapi_auth = HTTPSPNEGOAuth(target_name = " internalhost.local"
113121 >> > r = requests.get(" https://externalhost.example.org/" auth = gssapi_auth)
114122 ...
115123
116124
117125------------------
118126
119- ``HTTPSPNEGOAuth `` normally uses the default principal (ie, the user for
120- whom you last ran ``kinit `` or ``kswitch ``, or an SSO credential if
121- applicable). However, an explicit principal can be specified, which will
122- cause GSSAPI to look for a matching credential cache for the named user.
123- This feature depends on OS support for collection-type credential caches.
124- An explicit principal can be specified with the ``principal `` arg:
127+ ``HTTPSPNEGOAuth `` normally uses the default principal (ie, the user for whom
128+ you last ran ``kinit `` or ``kswitch ``, or an SSO credential if
129+ applicable). However, an explicit credential can be in instead, if desired.
125130
126131.. code-block :: python
127132
133+ >> > import gssapi
128134 >> > import requests
129135 >> > from requests_gssapi import HTTPSPNEGOAuth, REQUIRED
130- >> > gssapi_auth = HTTPSPNEGOAuth(principal = " user@REALM"
136+ >> > creds = gssapi.Credentials(name = gssapi.Name(" user@REALM" usage = " initiate"
137+ >> > gssapi_auth = HTTPSPNEGOAuth(creds = creds)
131138 >> > r = requests.get(" http://example.org" auth = gssapi_auth)
132139 ...
133140
0 commit comments