summaryrefslogtreecommitdiffhomepage
path: root/demos/demo_server.py
diff options
context:
space:
mode:
authorSebastian Deiss <s.deiss@science-computing.de>2014-02-11 13:08:11 +0100
committerSebastian Deiss <s.deiss@science-computing.de>2014-02-11 13:08:11 +0100
commit3e1f9f09b1da0397f82e4ee9e1886f5271705e29 (patch)
tree44fea1d9636830f32d95f144a8c20fbf4b2f30ad /demos/demo_server.py
parente7f41de2f2dac5d03404f35edc5514f12e42c49f (diff)
GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user
authentication with Python 3 support Add Python 3 support for the GSS-API / SSPI authenticated Diffie-Hellman Key Exchange and user authentication. This patch supersedes pull request #250.
Diffstat (limited to 'demos/demo_server.py')
-rw-r--r--demos/demo_server.py37
1 files changed, 35 insertions, 2 deletions
diff --git a/demos/demo_server.py b/demos/demo_server.py
index bb35258b..74e4677e 100644
--- a/demos/demo_server.py
+++ b/demos/demo_server.py
@@ -66,9 +66,39 @@ class Server (paramiko.ServerInterface):
if (username == 'robey') and (key == self.good_pub_key):
return paramiko.AUTH_SUCCESSFUL
return paramiko.AUTH_FAILED
+
+ def check_auth_gssapi_with_mic(self, username,
+ gss_authenticated=paramiko.AUTH_FAILED,
+ cc_file=None):
+ """
+ @note: We are just checking in L{AuthHandler} that the given user is
+ a valid krb5 principal!
+ We don't check if the krb5 principal is allowed to log in on
+ the server, because there is no way to do that in python. So
+ if you develop your own SSH server with paramiko for a certain
+ platform like Linux, you should call C{krb5_kuserok()} in your
+ local kerberos library to make sure that the krb5_principal has
+ an account on the server and is allowed to log in as a user.
+ @see: U{krb5_kuserok() man page <http://www.unix.com/man-page/all/3/krb5_kuserok/>}
+ """
+ if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
+ return paramiko.AUTH_SUCCESSFUL
+ return paramiko.AUTH_FAILED
+
+ def check_auth_gssapi_keyex(self, username,
+ gss_authenticated=paramiko.AUTH_FAILED,
+ cc_file=None):
+ if gss_authenticated == paramiko.AUTH_SUCCESSFUL:
+ return paramiko.AUTH_SUCCESSFUL
+ return paramiko.AUTH_FAILED
+
+ def enable_auth_gssapi(self):
+ UseGSSAPI = True
+ GSSAPICleanupCredentials = False
+ return UseGSSAPI
def get_allowed_auths(self, username):
- return 'password,publickey'
+ return 'gssapi-keyex,gssapi-with-mic,password,publickey'
def check_channel_shell_request(self, channel):
self.event.set()
@@ -79,6 +109,8 @@ class Server (paramiko.ServerInterface):
return True
+DoGSSAPIKeyExchange = True
+
# now connect
try:
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
@@ -101,7 +133,8 @@ except Exception as e:
print('Got a connection!')
try:
- t = paramiko.Transport(client)
+ t = paramiko.Transport(client, gss_kex=DoGSSAPIKeyExchange)
+ t.set_gss_host(socket.getfqdn(""))
try:
t.load_server_moduli()
except: