{ "info": { "author": "Jordan Borean", "author_email": "jborean93@gmail.com", "bugtrack_url": null, "classifiers": [ "Development Status :: 4 - Beta", "License :: OSI Approved :: BSD License", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.6", "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5", "Programming Language :: Python :: 3.6", "Programming Language :: Python :: 3.7" ], "description": "requests-credssp\n================\n\n`Build Status `__\n`Appveyor Build\nstatus `__\n`Coverage\nStatus `__\n\nAbout this library\n------------------\n\nThis package allows for HTTPS CredSSP authentication using the requests\nlibrary. CredSSP is a Microsoft authentication that allows your\ncredentials to be delegated to a server giving you double hop\nauthentication.\n\nFeatures\n--------\n\nThis library supports the following CredSSP features\n\n- Protocol version 2 to 6\n- Initial authentication with NTLM or Kerberos\n- Message encryption support using the ``wrap`` and ``unwrap``\n functions\n\nRequirements\n------------\n\nThe following Python libraries are required;\n\n- Python 2.6, 2.7, 3.4+\n- `cryptography `__\n- `ntlm-auth `__\n- `six `__\n- `pyasn1>=0.3.1 `__\n- `pyOpenSSL>=16.0.0 `__\n- `requests>=2.0.0 `__\n- For Kerberos authentication on Unix\n `python-gssapi>=1.5.0 `__\n- For Kerberos authentication on Windows\n `pywin32 `__\n\nBy default, this library can authenticate with a Windows host using NTLM\nmessages, if Kerberos authentication is desired, please read the below.\n\nInstallation\n------------\n\nTo install requests-credssp, simply run\n\n::\n\n pip install requests-credssp\n\n # to install the optional Kerberos functionality, run (see below)\n pip install requests-credssp[kerberos]\n\nKerberos on Windows\n~~~~~~~~~~~~~~~~~~~\n\nTo add support for Kerberos authentication on a Windows host, the\n``pywin32`` Python library needs to be installed. According to their\nreadme you can install this with their binaries, otherwise it can\ninstalled through pip with\n\n::\n\n # installing pywin32 through pip is marked as experimental\n pip install requests-credssp[kerberos]\n\nKerberos on Non-Windows\n~~~~~~~~~~~~~~~~~~~~~~~\n\nTo add support for Kerberos authentication on a non-Windows host, the\nKerberos system headers must be installed and the ``python-gssapi``\nlibrary installed. To install the Kerberos system headers you can\ninstall the following packages;\n\n::\n\n # Via Yum (Centos RHEL)\n yum -y install python-devel krb5-devel krb5-libs krb5-workstation\n\n # Via Dnf (Fedora)\n dnf -y install python-devel krb5-devel krb5-libs krb5-workstation\n\n # Via Apt (Ubuntu)\n apt-get -y install python-dev libkrb5-dev krb5-user\n\n # Via Portage (Gentoo)\n emerge -av app-crypt/mit-krb5\n emerge -av dev-python/setuptools\n\n # Via pkg (FreeBSD)\n sudo pkg install security/krb5\n\n # Via OpenCSW (Solaris)\n pkgadd -d http://get.opencsw.org/now\n /opt/csw/bin/pkgutil -U\n /opt/csw/bin/pkgutil -y -i libkrb5_3\n\n # Via Pacman (Arch Linux)\n pacman -S krb5\n\nOnce installed, the Python Kerberos libraries can be installed with\n\n::\n\n pip install requests-credssp[kerberos]\n\nOnce installed, the file ``/etc/krb5.conf`` should be configured so it\ncan talk with the Kerberos KDC.\n\nTo add proper SPNEGO support with ``python-gssapi``, the\n`gss-ntlmss `__ should also be\ninstalled which adds NTLM as a supported GSSAPI mechanism required for\nproper SPNEGO interoperability with Windows. This package can be\ninstalled with;\n\n::\n\n # Via Yum (Centos RHEL) - requires epel-release\n yum -y install epel-release\n yum -y install gssntlmssp\n\n # Via Dnf (Fedora)\n dnf -y install gssntlmssp\n\n # Via Apt (Ubuntu)\n apt-get -y install gss-ntlmssp\n\n # Via Pacman (Arch Linux)\n pacman -S gss-ntlmssp\n\nAdditional Info\n---------------\n\nThe CredSSP protocol is quite complex and uses a lot of other protocols\nor standards to work properly. This unfortunately means some older hosts\nor settings are incompatible or require some workarounds to get working.\nCurrently you can configure the following settings when initialising the\nCredSSP class;\n\n- ``auth_mechanism``: The authentication mechanism to use initially,\n default is ``auto``\n- ``disable_tlsv1_2``: Whether to disable ``TLSv1.2`` support and work\n with older protocols like ``TLSv1.0``, default is ``False``\n- ``minimum_version``: The minimum CredSSP server version that is\n required by the client, default is ``2``\n\nAuthentication Mechanisms\n~~~~~~~~~~~~~~~~~~~~~~~~~\n\nPart of the CredSSP protocol is to authenticate the user\u2019s credentials\nusing the SPNEGO protocol. The SPNEGO protocol is also called\n``Negotiate`` and is able to negotiate a common protocol between the\nclient and the server which can currently be either ``NTLM`` or\n``Kerberos``. Kerberos is a tricky protocol to have set up but should be\nused wherever it is possible as NTLM uses older standards that are\nconsidered broken from a security perspective.\n\nDue to historical decisions and that Kerberos is not always available by\ndefault, the base install of ``requests-credssp`` will only work with\n``NTLM``. When the Kerberos packages are installed and configured,\n``requests-credssp`` will automatically attempt to use ``Kerberos`` if\npossible but fall back to ``NTLM`` if it fails like it would with\n``SPNEGO``. If you wish to force either ``Kerberos`` or ``NTLM`` instead\nof relying on the ``SPNEGO`` mechanism, you can set\n``auth_mechanism=`` when creating ``HttpCredSSPAuth`` like\nso;\n\n::\n\n import requests\n from requests_credssp import HttpCredSSPAuth\n\n # use SPNEGO (default if omitted)\n credssp_auth = HttpCredSSPAuth('domain\\\\user', 'password',\n auth_mechanism='auto')\n\n # only allow Kerberos\n credssp_auth = HttpCredSSPAuth('user@REALM.COM', 'password',\n auth_mechanism='kerberos')\n\n\n # only allow NTLM\n credssp_auth = HttpCredSSPAuth('domain\\\\user', 'password',\n auth_mechanism='ntlm')\n\n\n r = requests.get(\"https://server:5986/wsman\", auth=credssp_auth)\n\nTLS Protocol Versions\n~~~~~~~~~~~~~~~~~~~~~\n\nAs CredSSP uses TLS to encrypt the tokens that are transferred between\nthe client and the server, it is succeptible to differing\nimplementations of SSL. By default, ``requests-credssp`` will work with\nserver\u2019s that offer TLSv1.2 but older Windows hosts that do not support\nthis newer protocol version will\n\nTLSv1.2 was added in Windows Server 2012 and Windows 8 where older hosts\nneed an optional update to be installed for it to work. If this update\ncannot be installed or you are willing to accept the risks of using the\nolder TLS protocols, ``requests-credssp`` can be set to disable TLSv1.2\nand work with older protocols like so;\n\n.. code:: python\n\n import requests\n from requests_credssp import HttpCredSSPAuth\n\n credssp_auth = HttpCredSSPAuth('domain\\\\user', 'password', disable_tlsv1_2=True)\n r = requests.get(\"https://server:5986/wsman\", auth=credssp_auth)\n\nCredSSP Protocol Versions\n~~~~~~~~~~~~~~~~~~~~~~~~~\n\nRecently Microsoft has released a security update to CredSSP to mitigate\n`CVE\n2018-0886 `__.\nThe update added 2 new CredSSP protocol versions, ``5`` and ``6`` which\nchanges the way the client and server authenticate each other. While\nthese changes are transparent to someone who uses this library, it may\nbe prudent to set the minimum version that this client would\nauthenticate with. This means that any older server\u2019s who have not been\npatched for this vulnerability will be rejected.\n\nTo set a minimum protocol version that will only allow servers that have\nbeen patched for ``CVE 2018-0886``, set ``minimum_version=5`` when\ncreating ``HttpCredSSPAuth`` like so;\n\n::\n\n import requests\n from requests_credssp import HttpCredSSPAuth\n\n credssp_auth = HttpCredSSPAuth('domain\\\\user', 'password', minimum_version=5)\n r = requests.get(\"https://server:5986/wsman\", auth=credssp_auth)\n\nMessage Encryption\n~~~~~~~~~~~~~~~~~~\n\nYou can use this library to encrypt and decrypt messages sent to and\nfrom the server. Message encryption is done over the TLS channel that\nwas negotiated in the authentication stage. The below is an example of\nencrypting and decrypting messages, note this is only a basic example\nand not a working script and the actual implementation depends on the\nprotocol that is reading the messages.\n\n.. code:: python\n\n import requests\n from requests_credssp import HttpCredSSPAuth\n\n # build the auth request and sent an empty message to authenticate\n hostname = \"server\"\n session = requests.Session()\n session.auth = HttpCredSSPAuth('domain\\\\user', 'password')\n\n request = requests.Request('POST', \"https://%s:5986/wsman\" % server, data=None)\n prepared_request = self.session.prepare_request(request)\n response = session.send(prepared_request)\n\n context = session.auth.contexts[hostname]\n # encrypt the message using the wrap command\n message = b'hi server'\n encrypted_message = context.wrap(message)\n\n # send the encrypted message and get the encrypted response\n request = requests.Request('POST', 'https://server:5986/wsman', data=encrypted_message)\n prepared_request = self.session.prepare_request(request)\n response = session.send(prepared_request)\n\n # decrypt the encrypted response from the server\n encrypted_response = response.content\n decrypted_response = context.unwrap(encrypted_response)\n\nLogging\n-------\n\nThis library uses the standard Python logging facilities. Log messages\nare logged to the ``requests_credssp`` and ``requests_credssp.credssp``\nnamed loggers.\n\nIf you are receiving any errors or wish to debug the CredSSP process you\nshould enable DEBUG level logs. These logs show fine grain information\nsuch as the protocol and cipher negotiated and each CredSSP token used\nin the authentication process.\n\nBacklog\n-------\n\n- Replace dependency of pyOpenSSL if possible with inbuilt functions in\n Python\n- Add support for different credential types like smart card and\n redirected credentials\n\n\n", "description_content_type": "", "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/jborean93/requests-credssp", "keywords": "authentication auth microsoft credssp winrm", "license": "MIT", "maintainer": "", "maintainer_email": "", "name": "requests-credssp", "package_url": "https://pypi.org/project/requests-credssp/", "platform": "", "project_url": "https://pypi.org/project/requests-credssp/", "project_urls": { "Homepage": "https://github.com/jborean93/requests-credssp" }, "release_url": "https://pypi.org/project/requests-credssp/1.1.0/", "requires_dist": [ "cryptography", "ntlm-auth (>=1.2.0)", "six", "pyasn1 (>=0.3.1)", "pyOpenSSL (>=16.0.0)", "requests (>=2.0.0)", "gssapi (>=1.5.0) ; (sys_platform!=\"win32\") and extra == 'kerberos'", "pywin32 ; (sys_platform==\"win32\") and extra == 'kerberos'" ], "requires_python": "", "summary": "HTTPS CredSSP authentication with the requests library.", "version": "1.1.0" }, "last_serial": 5696657, "releases": { "0.0.1": [ { "comment_text": "", "digests": { "md5": "ee28e938fc8376760ef179184cc0f122", "sha256": "06ecc0bf6d4893acf0bbebd9dc305ec097df29d9ff410b686f32b4fb2ef4420e" }, "downloads": -1, "filename": "requests_credssp-0.0.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "ee28e938fc8376760ef179184cc0f122", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 13361, "upload_time": "2016-09-15T09:44:31", "url": "https://files.pythonhosted.org/packages/67/9f/fbbfd12c0278d53938bd2646c200c98dff9467bfa3e291acd5b441e1ceca/requests_credssp-0.0.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "4c507caf8e5875fe67c8c2adf95db948", "sha256": "bff609885c5dcee790af156d1f5ca663e6c62ffb8b725ce01721cdd7a7ceb8c9" }, "downloads": -1, "filename": "requests-credssp-0.0.1.zip", "has_sig": false, "md5_digest": "4c507caf8e5875fe67c8c2adf95db948", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13878, "upload_time": "2016-09-15T09:44:34", "url": "https://files.pythonhosted.org/packages/4f/3b/7ebb50bdd6fd54b56caa4abb36629a80cdb960754015f713578e08519723/requests-credssp-0.0.1.zip" } ], "0.0.2": [ { "comment_text": "", "digests": { "md5": "3fc173e0d259f78f77092a6797293d99", "sha256": "ca0249439a3a708eac211bb928450667f5f847d9aa6ef38d1ef7d995d64930b7" }, "downloads": -1, "filename": "requests_credssp-0.0.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "3fc173e0d259f78f77092a6797293d99", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 13372, "upload_time": "2017-03-17T08:30:00", "url": "https://files.pythonhosted.org/packages/d4/38/692004fcdb7e695ef056a666d8f10290f0eb64c587840549d2ce7c8c6e46/requests_credssp-0.0.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "e6dcd38d10c0f8361b88f19a5f941818", "sha256": "92f72c2c060c805a81670877d1d61272939587633b615510a57c0c336ebefa9b" }, "downloads": -1, "filename": "requests-credssp-0.0.2.zip", "has_sig": false, "md5_digest": "e6dcd38d10c0f8361b88f19a5f941818", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 13898, "upload_time": "2017-03-17T08:30:03", "url": "https://files.pythonhosted.org/packages/76/64/c64dd2be7cc94f1fbf43c9396bac2cbe8448fe1b433b96d3c713b714839e/requests-credssp-0.0.2.zip" } ], "0.1.0": [ { "comment_text": "", "digests": { "md5": "6d768130c389a6ff2df7613f0ed75459", "sha256": "74469da3bbb8c394c2893aa8794d6fa26a25c9b2ad7dd0ce9398ef5b0226d558" }, "downloads": -1, "filename": "requests_credssp-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "6d768130c389a6ff2df7613f0ed75459", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 17699, "upload_time": "2017-08-04T03:30:16", "url": "https://files.pythonhosted.org/packages/d6/df/0ae31b65f6658b282858d462c4f30cfda45dd16e885003784ac4f727e2ec/requests_credssp-0.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "81240c612c68624243bf662dc44ce7ef", "sha256": "f2888920b065bc1d3c8c13004fbb0df76fbd6585ee4d951d89c42ef22becee03" }, "downloads": -1, "filename": "requests-credssp-0.1.0.tar.gz", "has_sig": false, "md5_digest": "81240c612c68624243bf662dc44ce7ef", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 14545, "upload_time": "2017-08-04T03:30:18", "url": "https://files.pythonhosted.org/packages/87/28/3d0f7f5584c830799a3b013bf51a15aebd1a0216632976d50e552eee15ef/requests-credssp-0.1.0.tar.gz" } ], "1.0.0": [ { "comment_text": "", "digests": { "md5": "011c9f233e4f80acf73a7e0353fe4a2c", "sha256": "91e76d01c0f1e40e8f7bb7f5cdf6f1a57279b6fadd527d722e02bca35f3b08ed" }, "downloads": -1, "filename": "requests_credssp-1.0.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "011c9f233e4f80acf73a7e0353fe4a2c", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 20556, "upload_time": "2018-04-10T07:36:28", "url": "https://files.pythonhosted.org/packages/a1/ae/26170ea67acc2f85d3aa771d423a9337bf3c940bfdf6e272add01ca402d7/requests_credssp-1.0.0-py2.py3-none-any.whl" } ], "1.0.1": [ { "comment_text": "", "digests": { "md5": "e4a47aa57283cc6aa5b63729610cbbc8", "sha256": "b74612d1ccb55874c2483c6bb556c73021d6c1a1f85f8290fdc637c4a08ac4f1" }, "downloads": -1, "filename": "requests_credssp-1.0.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "e4a47aa57283cc6aa5b63729610cbbc8", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 20559, "upload_time": "2018-09-24T23:09:48", "url": "https://files.pythonhosted.org/packages/01/e3/c97e9afbcc8d43eb3838a4bf69702144fb519e2a36fb7d1fb7a509ccbcbf/requests_credssp-1.0.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "de6ffac1d3380a11c596eb03914d8846", "sha256": "25592a3f0c83d7b60db69881db40c460d6b5ac27fc8f3b294715800ce02e1e10" }, "downloads": -1, "filename": "requests-credssp-1.0.1.tar.gz", "has_sig": false, "md5_digest": "de6ffac1d3380a11c596eb03914d8846", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21820, "upload_time": "2018-09-24T23:09:50", "url": "https://files.pythonhosted.org/packages/04/17/add9e7f744f1e0aa038a8648a6a7e53579c1d32a3bb26be509ce85bd0c42/requests-credssp-1.0.1.tar.gz" } ], "1.0.2": [ { "comment_text": "", "digests": { "md5": "b32a386a9e7e0b229d994e87c1b9e0ab", "sha256": "59595fe4e195837b2d89b5af4a1c0be97758ced221a30cbc3a87845866426767" }, "downloads": -1, "filename": "requests_credssp-1.0.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "b32a386a9e7e0b229d994e87c1b9e0ab", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 20553, "upload_time": "2018-11-14T07:40:28", "url": "https://files.pythonhosted.org/packages/92/bd/4b187dd2f11ffd8475cb225a5d80e02ebe25ebaa024d8dfa49f974b32fc8/requests_credssp-1.0.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "5bbc04d27b1e6606bce6907c4c251e91", "sha256": "b1fe2c42eb7258d4a754a9ad31344ad31a68375a87a10384e6519cdc0edfa546" }, "downloads": -1, "filename": "requests-credssp-1.0.2.tar.gz", "has_sig": false, "md5_digest": "5bbc04d27b1e6606bce6907c4c251e91", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 21813, "upload_time": "2018-11-14T07:40:30", "url": "https://files.pythonhosted.org/packages/cf/7d/2b1443c24e97f176c10361c9c38f7552e8c721d57ba2d7338d501c4a6be8/requests-credssp-1.0.2.tar.gz" } ], "1.1.0": [ { "comment_text": "", "digests": { "md5": "1d41a134fc63d1e3443c13db983a9dfd", "sha256": "6222db6b0afd3a923a2cda988a167b1bbb1b226d29929c0d252cab5f962480a6" }, "downloads": -1, "filename": "requests_credssp-1.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "1d41a134fc63d1e3443c13db983a9dfd", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 20330, "upload_time": "2019-08-19T04:30:22", "url": "https://files.pythonhosted.org/packages/a7/c0/8e97867cb7c83f862b4b2098a635eef8752d415e3bde0710bea5e969f44e/requests_credssp-1.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "32b1a8af78a5f9ab7e7c50db8e446f74", "sha256": "02244edb2fb7e747eb645294b14eaaf6cdd7540b86d858d78ac72daf4c5c866a" }, "downloads": -1, "filename": "requests-credssp-1.1.0.tar.gz", "has_sig": false, "md5_digest": "32b1a8af78a5f9ab7e7c50db8e446f74", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22994, "upload_time": "2019-08-19T04:30:24", "url": "https://files.pythonhosted.org/packages/24/a6/a8a1a9238497c00013b6b5f343781034f3d56faa1d3b4b18558bdc6426a6/requests-credssp-1.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "1d41a134fc63d1e3443c13db983a9dfd", "sha256": "6222db6b0afd3a923a2cda988a167b1bbb1b226d29929c0d252cab5f962480a6" }, "downloads": -1, "filename": "requests_credssp-1.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "1d41a134fc63d1e3443c13db983a9dfd", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 20330, "upload_time": "2019-08-19T04:30:22", "url": "https://files.pythonhosted.org/packages/a7/c0/8e97867cb7c83f862b4b2098a635eef8752d415e3bde0710bea5e969f44e/requests_credssp-1.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "32b1a8af78a5f9ab7e7c50db8e446f74", "sha256": "02244edb2fb7e747eb645294b14eaaf6cdd7540b86d858d78ac72daf4c5c866a" }, "downloads": -1, "filename": "requests-credssp-1.1.0.tar.gz", "has_sig": false, "md5_digest": "32b1a8af78a5f9ab7e7c50db8e446f74", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 22994, "upload_time": "2019-08-19T04:30:24", "url": "https://files.pythonhosted.org/packages/24/a6/a8a1a9238497c00013b6b5f343781034f3d56faa1d3b4b18558bdc6426a6/requests-credssp-1.1.0.tar.gz" } ] }