I am trying to call a Flask API endpoint (http://monarch.example.com:8080/) hosted in Apache web server in a Linux machine. This endpoint is protected by Kerberos authentication. I use kinit user
to initialize Kerberos.
Then I am using python kerberos library to get the ticket and requests library for the api call. I am providing the ticket in the Authorization header of the request. Relevant code snippet for that:
`__, krb_context = kerberos.authGSSClientInit("[email protected]")
kerberos.authGSSClientStep(krb_context, "")
auth_header = ("Negotiate " + kerberos.authGSSClientResponse(krb_context))
headers = {"Authorization": auth_header}`
I have checked that the Authorization header is populated with a value.
However I get 401-unauthorized as response.
The Kerberos configuration from /etc/apache2/sites-available/monarch.conf
for the Service containing the endpoint is:
<Directory /var/www/monarch>
AuthType Kerberos
AuthName "Acme Corporation"
KrbAuthRealms EXAMPLE.COM
KrbMethodNegotiate Off
KrbSaveCredentials Off
KrbVerifyKDC Off
KrbMethodK5Passwd On
# Krb5Keytab /etc/apache2/http.keytab
Krb5keytab /etc/krb5.keytab
Require user [email protected]
</Directory>
Lastly, the list of principals is:
host/[email protected]
HTTP/[email protected]
K/[email protected]
kadmin/[email protected]
kadmin/[email protected]
krbtgt/[email protected]
[email protected]
root/[email protected]
I have been stuck with this problem for a few days now. It would be great if anyone can help me in this regard.