Add Kerberos proxy authentication handling

[enzolis]

This is a PR based on the discussion here: https://github.com/requests/requests-kerberos/issues/148

Basically, it adds handling of status code 407 and the generation of an authentication header to communicate via an authenticating proxy (in my case a company proxy).

[jborean93]

The changes in https://github.com/requests/requests-kerberos/pull/163 has resulted in some merge conflicts in the test file. If you are still interested in getting this in I can have a look at the changes once it has been fixed otherwise I'll close this PR.

[jborean93]

Thanks for rebasing the code. I've just had a play with the changes here and I was able to authenticate with a Kerberos backed proxy when connecting to a HTTP endpoint but it seems like this doesn't work for HTTPS endpoint (the final target is HTTPS not the proxy). Requests fails with

requests.exceptions.ProxyError: HTTPSConnectionPool(host='hostname', port=1234): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', OSError('Tunnel connection failed: 407 Proxy Authentication Required')))

It does seem like this might be a bug in requests/urllib3 where it is not calling the auth handler for failed CONNECT requests which is how proxies work when the final target is a HTTPS endpoint. Is this something you can replicate on your end, just trying to rule out whether this is just maybe an environment problem on my side or something that should be called out explicitly.

[enzolis]

Hi Jordan,

this is unfortunately correct. I think these contain the relevant information: https://github.com/psf/requests/issues/1582 https://github.com/urllib3/urllib3/issues/242

BR

[jborean93]

Thanks for clarifying, I think for the initial work we can live with that support and add HTTPS support in the future if requests eventually fixes that problem.