I'm trying to get a requests_gssapi client to talk to a Flask-GSSAPI service. (I'm using MIT krb5 1.19.1, python-gssapi 1.6.12, python-requests-gssapi 1.2.3, and python-flask-gssapi 1.4.0.)
Somehow, despite its name, `HTTPSPNEGOAuth()` doesn't send a SPNEGO token (1.3.6.1.5.5.2) by default -- it always defaults to sending a plain Kerberos token (1.2.840.113554.1.2.2). This is accepted by Apache mod_auth_gssapi, but not by Flask-GSSAPI.
I can get the two to interoperate if I specifically tell requests_gssapi to use SPNEGO as mentioned in the documentation...
...but I am not sure whether this is already the Right Way of things, or should Flask-GSSAPI be changed to accept plain Kerberos, or should requests_gssapi be using SPNEGO by default, or is it just my machine that isn't quite working right?
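An added diagnostic example, not part of the original post and not code from requests_gssapi or Flask-GSSAPI: it reads the outer mechanism OID from an `Authorization: Negotiate` value, so you can confirm which of the two token types above a client actually sent. The function names are hypothetical and the two sample headers are constructed (real framing and OID, placeholder payload).

```python
import base64

# Mechanism OIDs quoted in the post above.
MECH_NAMES = {"1.3.6.1.5.5.2": "SPNEGO", "1.2.840.113554.1.2.2": "Kerberos 5"}

def _der_length(buf, pos):
    """Parse a DER length at buf[pos]; return (length, offset after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def _decode_oid(body):
    """Turn DER OID content bytes into dotted-decimal text."""
    arcs, value = [], 0
    for b in body:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:           # high bit clear ends this arc
            arcs.append(value)
            value = 0
    first = min(arcs[0] // 40, 2)  # first two arcs share one encoded value
    return ".".join(map(str, [first, arcs[0] - 40 * first, *arcs[1:]]))

def negotiate_mech(header_value):
    """Return (oid, name) of the outer mechanism in an Authorization header value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        raise ValueError("not a Negotiate header")
    token = base64.b64decode(b64.strip(), validate=True)
    try:
        # RFC 2743 section 3.1 framing: 0x60 <len> 0x06 <oid-len> <oid> <mech data>
        if token[0] != 0x60:
            raise ValueError("no GSS-API initial-token framing")
        _, pos = _der_length(token, 1)
        if token[pos] != 0x06:
            raise ValueError("mechanism OID missing")
        oid_len, pos = _der_length(token, pos + 1)
        body = token[pos:pos + oid_len]
        if not body or len(body) != oid_len:
            raise ValueError("truncated OID")
        oid = _decode_oid(body)
    except IndexError:
        raise ValueError("truncated token") from None
    return oid, MECH_NAMES.get(oid, "unknown")

# Constructed samples: correct framing and OID, placeholder mechanism payload.
KRB5_SAMPLE = "Negotiate " + base64.b64encode(bytes.fromhex("600d06092a864886f7120102020100")).decode()
SPNEGO_SAMPLE = "Negotiate " + base64.b64encode(bytes.fromhex("600a06062b0601050502a000")).decode()
```

Calling `negotiate_mech()` on the header value a service receives returns the dotted OID and a name, which shows whether the client sent a SPNEGO-wrapped token or a bare Kerberos one.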