diff options
author | Matthias Witte <m.witte@telekom.de> | 2014-11-25 18:15:16 +0100 |
---|---|---|
committer | Matthias Witte <m.witte@telekom.de> | 2014-11-25 18:15:16 +0100 |
commit | b3b0f2d0dff3aef736128935302aeb6adb1ee020 (patch) | |
tree | 16d9fe959aede76a0a6ed4d1a6e59a90198dc6f8 /demos/demo_server.py | |
parent | 47da1935dc84784bfee2e493474232bf2e0d8d37 (diff) | |
parent | 838ab5b23274ddea0b5671b7f2d5a295dcd02dfe (diff) |
Merge upstream branch 'master' into add_sha2_support
Conflicts:
paramiko/transport.py
tests/test_transport.py
Diffstat (limited to 'demos/demo_server.py')
-rw-r--r-- | demos/demo_server.py | 40 |
1 files changed, 38 insertions, 2 deletions
diff --git a/demos/demo_server.py b/demos/demo_server.py index bb35258b..5b3d5164 100644 --- a/demos/demo_server.py +++ b/demos/demo_server.py @@ -66,9 +66,42 @@ class Server (paramiko.ServerInterface): if (username == 'robey') and (key == self.good_pub_key): return paramiko.AUTH_SUCCESSFUL return paramiko.AUTH_FAILED + + def check_auth_gssapi_with_mic(self, username, + gss_authenticated=paramiko.AUTH_FAILED, + cc_file=None): + """ + .. note:: + We are just checking in `AuthHandler` that the given user is a + valid krb5 principal! We don't check if the krb5 principal is + allowed to log in on the server, because there is no way to do that + in python. So if you develop your own SSH server with paramiko for + a certain platform like Linux, you should call ``krb5_kuserok()`` in + your local kerberos library to make sure that the krb5_principal + has an account on the server and is allowed to log in as a user. + + .. seealso:: + `krb5_kuserok() man page + <http://www.unix.com/man-page/all/3/krb5_kuserok/>`_ + """ + if gss_authenticated == paramiko.AUTH_SUCCESSFUL: + return paramiko.AUTH_SUCCESSFUL + return paramiko.AUTH_FAILED + + def check_auth_gssapi_keyex(self, username, + gss_authenticated=paramiko.AUTH_FAILED, + cc_file=None): + if gss_authenticated == paramiko.AUTH_SUCCESSFUL: + return paramiko.AUTH_SUCCESSFUL + return paramiko.AUTH_FAILED + + def enable_auth_gssapi(self): + UseGSSAPI = True + GSSAPICleanupCredentials = False + return UseGSSAPI def get_allowed_auths(self, username): - return 'password,publickey' + return 'gssapi-keyex,gssapi-with-mic,password,publickey' def check_channel_shell_request(self, channel): self.event.set() @@ -79,6 +112,8 @@ class Server (paramiko.ServerInterface): return True +DoGSSAPIKeyExchange = True + # now connect try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) @@ -101,7 +136,8 @@ except Exception as e: print('Got a connection!') try: - t = paramiko.Transport(client) + t = paramiko.Transport(client, gss_kex=DoGSSAPIKeyExchange) + t.set_gss_host(socket.getfqdn("")) try: t.load_server_moduli() except: |