Metadata-Version: 1.2
Name: django-gssapi
Version: 1.0
Summary: GSSAPI authentication for Django
Home-page: http://dev.entrouvert.org/projects/django-gssapi/
Author: Entr'ouvert
Author-email: info@entrouvert.org
Maintainer: Benjamin Dauvergne
Maintainer-email: bdauvergne@entrouvert.com
License: AGPLv3 or later
Description: GSSAPI authentication for Django
        ==================================
        
        Provide GSSAPI (SPNEGO) authentication to Django applications.
        
        It's a rewrite of django-kerberos using python-gssapi.
        
        It's only tested with MIT Kerberos 5 using package k5test.
        
        Python 2 and 3, Django >1.8 are supported.
        
        Basic usage
        ===========
        
        Add this to your project `urls.py`::
        
            url('^auth/gssapi/', include('django_gssapi.urls')),
        
        And use the default authentication backend, by adding that to your `settings.py` file::
        
            AUTHENTICATION_BACKENDS = (
                'django_gssapi.backends.GSSAPIBackend',
            )
        
        View
        ====
        
        django-gssapi provide a base LoginView that you can subclass to get the
        behaviour your need, the main extension points are:
        
        - `challenge()` returns the 401 response with the challenge, you should override it
          to show a template explaining the failure,
        - `success(user)` it should log the given user and redirect to REDIRECT_FIELD_NAME,
        - `get_service_name()` it should return a gssapi.Name for your service, by
          default it returns None, so GSSAPI will match any name available (for example
          with Kerberos it will match any name in your keytab, like
          @HTTP/my.domain.com@).
        
        Settings
        ========
        
        To make your application use GSSAPI as its main login method::
        
            LOGIN_URL = 'gssapi-login'
        
        Your application need an environment where the GSSAPI mechanism like Kerberos
        will work, for Kerberos it means having a default keytab of creating one and
        setting its path in KRB5_KTNAME or you can use `GSSAPI_STORE` with MIT Kerberos
        5 and credential store extension to indicate a keytab::
        
            GSSAPI_STORE = {'keytab': 'FILE:/var/lib/mykeytab'}
        
        You can also force a GSSAPI name for you service with::
        
            import gssapi
        
            GSSAPI_NAME = gssapi.Name('HTTP/my.service.com', gssapi.MechType.hostbased_service)
        
        GSSAPI authentication backend
        =============================
        
        A dummy backend is provided in `django_gssapi.backends.GSSAPIBackend` it looks
        up user with the same username as the GSSAPI name. You should implement it for
        your use case.
        
        A custom authentication backend must have the following signature::
        
            class CustomGSSAPIBackend(object):
                def authenticate(self, request, gssapi_name):
                    pass
        
        The parameter `gssapi_name` is a `gssapi.Name` object, it can be casted to
        string to get the raw name.
        
        Kerberos username/password backend
        ==================================
        
        If your users does not have their browser configured for SPNEGO HTTP
        authentication you can also provide a classic login/password form which check
        passwords using Kerberos. For this use
        `django_gssapi.backends.KerberosPasswordBackend`, the username is used as the
        raw principal name.
        
        
        django-rest-framework authentication backend
        ============================================
        
        To authenticate users with GSSAPI you can use
        `django_gssapi.drf.GSSAPIAuthentication`, it uses the configured GSSAPI
        authentication backend to find an user and returns the GSSAPI name in
        `request.auth`.
        
Platform: UNKNOWN
