Kerberos Auth Implementation Resolves #698 #1027

Open
wants to merge 1 commit into
base: main

Commits on Jul 13, 2023

  1. Kerberos Auth Implementation

    Auth implementation, based upon LDAP
    I do not currently have access to a KDC so this is adapted from 3-year-old code.
    
    I also have never tested gssapi with Active Directory / Azure AD
    I highly encourage testing and comments for both MIT KDC and Active Directory.
    
    Also I'm not an expert at poetry, so please review the pyproject.toml additions carefully.
    
    A Note about Kerberos
    I have a lot of experience working with Kerberos and deploying applications into the enterprise.
    The login method defined here was arrived at after 5 million complaints and help requests from various teams of administrators that were NOT familiar with Kerberos but just wanted to authenticate.
    The logic within largely protects the user from themselves and the major mis-configuration pitfalls.
    
    Kerberos will not warn you if your keytab doesn't exist, or your principal or service name is invalid or illogical.
    Kerberos will also attempt a whole suite of authentication methods.
    
    If you give Kerberos a keytab that doesn't work, you'll get an error saying something like "your password is invalid" - why?
    
    Because Kerberos tries every possible auth mechanism and misleads the user about what the real problem is.
    
    So with that in mind, please don't assume any lines of code are wasted in the login method - GOOD LUCK!
    bendemott committed Jul 13, 2023
    96fa61c
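
Added example (not code from this pull request): one way to catch the keytab and principal mistakes the commit message describes before any GSSAPI call is made, so the operator sees the real problem instead of a misleading password error. It uses only the Python standard library and assumes an MIT version 2 keytab file; `KeytabError`, `keytab_principals`, `preflight` and `sample_keytab` are hypothetical names, and the sample keytab is constructed with a dummy all-zero key.

```python
import struct
from pathlib import Path

class KeytabError(Exception):
    """Specific configuration error, raised before any Kerberos call."""

def _counted(buf, pos):
    (n,) = struct.unpack_from(">H", buf, pos)  # 16-bit length prefix
    return buf[pos + 2:pos + 2 + n].decode("utf-8", "replace"), pos + 2 + n

def keytab_principals(path):
    """Return the principals stored in an MIT version 2 (0x0502) keytab."""
    if not Path(path).is_file():
        raise KeytabError(f"keytab not found: {path}")
    data = Path(path).read_bytes()
    if data[:2] != b"\x05\x02":
        raise KeytabError(f"not a version 2 keytab: {path}")
    names, pos = set(), 2
    try:
        while pos + 4 <= len(data):
            (size,) = struct.unpack_from(">i", data, pos)
            if size > 0:  # a negative size marks a deleted slot, skipped below
                (count,) = struct.unpack_from(">H", data, pos + 4)
                fields, p = [], pos + 6
                for _ in range(count + 1):  # realm first, then name components
                    text, p = _counted(data, p)
                    fields.append(text)
                names.add("/".join(fields[1:]) + "@" + fields[0])
            pos += 4 + abs(size)
    except struct.error:
        raise KeytabError(f"truncated keytab: {path}")
    return names

def preflight(keytab, principal):
    """Raise KeytabError unless `principal` has a key in `keytab`."""
    if principal.count("@") != 1 or not all(principal.split("@")):
        raise KeytabError(f"principal must look like name@REALM: {principal!r}")
    found = keytab_principals(keytab)
    if principal not in found:
        raise KeytabError(f"{principal} has no key in {keytab}; found {sorted(found)}")
    return True

def sample_keytab(path, principal="HTTP/app.example.test@EXAMPLE.TEST"):
    """Write a constructed one-entry keytab with a dummy all-zero key."""
    name, realm = principal.split("@")
    fields = [realm, *name.split("/")]
    entry = struct.pack(">H", len(fields) - 1)
    entry += b"".join(struct.pack(">H", len(f)) + f.encode() for f in fields)
    entry += struct.pack(">IIBHH", 1, 0, 1, 18, 32) + bytes(32)  # type, time, kvno, enctype, keylen
    Path(path).write_bytes(b"\x05\x02" + struct.pack(">i", len(entry)) + entry)
```

Calling `preflight(keytab_path, principal)` at startup turns a missing file, a wrong file type or a principal with no key into a named error.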