Make GSSAPI usage optional

Quantum 2025-07-20 17:23:00 -04:00
parent 5557530ff9
commit 32cebf4691


@ -34,6 +34,7 @@ LDAP_SEARCH_BASE = os.environ.get('KRBAUTH_LDAP_SEARCH_BASE')
LDAP_USER_DN = os.environ.get('KRBAUTH_LDAP_USER_DN')
assert not LDAP_USER_DN or LDAP_USER_DN.count('%s') == 1
ENABLE_GSSAPI = os.environ.get('KRBAUTH_DISABLE_GSSAPI', '0').lower() not in ('1', 'yes')
GSSAPI_NAME = os.environ.get('KRBAUTH_GSSAPI_NAME')
if GSSAPI_NAME:
gssapi_name = gssapi.Name(GSSAPI_NAME, gssapi.NameType.hostbased_service)
@ -96,7 +97,7 @@ def make_401(reason: str, negotiate: Optional[str] = 'Negotiate', **kwargs) -> R
</body>
</html>
''' % (reason,), status=401)
if negotiate:
if ENABLE_GSSAPI and negotiate:
resp.headers.add('WWW-Authenticate', negotiate)
if LDAP_USER_DN:
resp.headers.add('WWW-Authenticate', 'Basic')
@ -192,7 +193,7 @@ def auth() -> Response:
if check_tls():
return auth_success(context, next_url)
if authorization.startswith('Negotiate '):
if ENABLE_GSSAPI and authorization.startswith('Negotiate '):
return auth_spnego(context, next_url)
if LDAP_USER_DN and authorization.startswith('Basic '):
return auth_basic(context, next_url)
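Review bot: The new `ENABLE_GSSAPI` line in the first hunk treats only `1` and `yes` as a request to disable, so `KRBAUTH_DISABLE_GSSAPI=true` (or `on`, or a value with trailing whitespace) silently leaves Negotiate authentication enabled. For a switch that turns an authentication mechanism off, an unrecognised value should either disable it or abort at startup, for example `ENABLE_GSSAPI = os.environ.get('KRBAUTH_DISABLE_GSSAPI', '0').strip().lower() not in ('1', 'yes', 'true', 'on')`. Separately, in `make_401`, when GSSAPI is disabled and `LDAP_USER_DN` is unset, the 401 response carries no `WWW-Authenticate` header at all. A startup check that at least one mechanism is configured would catch this, unless the `check_tls` path is meant to stand alone, which is not visible here. Both `make_401` and `auth` extend beyond the hunks shown.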