{"id":21464253,"url":"https://github.com/shuque/pykpass","last_synced_at":"2026-05-11T16:37:38.914Z","repository":{"id":2141162,"uuid":"3085283","full_name":"shuque/pykpass","owner":"shuque","description":"Python extension for Kerberos 5 password verification","archived":false,"fork":false,"pushed_at":"2012-01-02T02:54:01.000Z","size":96,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-17T05:24:50.519Z","etag":null,"topics":["authentication","c","extension","kerberos","password","python","verification"],"latest_commit_sha":null,"homepage":"http://www.huque.com/software/pykpass/","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/shuque.png","metadata":{"files":{"readme":"README","changelog":"CHANGELOG","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2012-01-02T02:44:43.000Z","updated_at":"2020-06-20T01:16:41.000Z","dependencies_parsed_at":"2022-07-18T08:30:44.899Z","dependency_job_id":null,"html_url":"https://github.com/shuque/pykpass","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/shuque/pykpass","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuque%2Fpykpass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuque%2Fpykpass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuque%2Fpykpass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuque%2Fpykpass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/shuque","download_url":"https://codeload.github.com/shuque/pykpass/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/shuque%2Fpykpass/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32903773,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-10T13:40:02.631Z","status":"online","status_checked_at":"2026-05-11T02:00:05.975Z","response_time":120,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","c","extension","kerberos","password","python","verification"],"created_at":"2024-11-23T07:30:31.181Z","updated_at":"2026-05-11T16:37:38.900Z","avatar_url":"https://github.com/shuque.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"Module: kpass\nVersion: 0.5\nDistribution file: pykpass-0.5.tar.gz\nAuthor: Shumon Huque \u003cshuque -at- isc.upenn.edu\u003e\n\n    kpass( username, password, service, host, kt_pathname )\n\nEXAMPLE USAGE:\n\n\tfrom kpass import kpass, KpassError\n        try:\n            rc = kpass(\"frank\", \"bozo\", \"blah\", None, \"FILE:/etc/my.keytab\")\n        except KpassError, diag:\n            print \"Error: %s\" % str(diag)\n        else:\n            if (rc == 1):\n                print \"Authentication success\"\n            else:\n                print \"Authentication failure\"\n\nDESCRIPTION:\n\nThis Python extension module provides a simple function called\nkpass() to perform password verification using Kerberos 5. It is \nintended for use by applications that cannot use the Kerberos \nprotocol natively, but need to authenticate users against the \nKerberos database. If it must be run on a system that receives a \nusername and password over the network, steps should be taken to \nensure that these are passed to that system in a cryptographically \nsecure manner.\n\nkpass() attempts to validate a given user's Kerberos username and\npassword. It does this in the following manner: it first obtains a \nKerberos ticket for the specified service for the given username and \npassword from the Kerberos AS. And then attempts to decrypt the ticket \nusing the key stored in the specified keytable file to verify the \nauthenticity of the AS response. The python 'None' type can be passed \nas the 4th (host) argument to use the fully canonicalized primary \nhostname of the system that the function is executed on. The fifth \nargument can also be 'None' to use the system's default keytab file \n(usually \"FILE:/etc/krb5.keytab\").\n\nNote that previous versions of this module obtained a TGT from the\nAS and then subsequently used that to obtain the service ticket from\nthe TGS. Directly obtaining the service ticket from the AS saves a\nround trip with the KDC and the associated cryptographic computations.\n\nLocal password verification doesn't need a replay cache, so kpass() \nby disables it. This speeds things up quite a bit, if you are invoking \nthis function many times in quick succession.\n\nkpass() returns 1 if password verification is successful, 0 if the \nusername or password is incorrect and raises a custom exception of\n\"KpassError\" if a system error is encountered.\n\nkpass() relies on obtaining Kerberos realm and KDC information \nfrom the invoking environment. Typically it will get this from\nthe system's Kerberos configuration file (krb5.conf) and/or DNS\nrecords. One quick way to override the default environment is to\ncreate a custom krb5.conf file and set the pathname to this file\nas the value of the KRB5_CONFIG environment variable.\n\nThis distribution is accompanied by a PGP signature. My PGP public\nkey can be obtained from \u003chttp://www.huque.com/~shuque/pgp/\u003e or one\nof the PGP key servers.\n\nPRE-REQUISITES:\n\n\t- Python 2.x\n\t- MIT Kerberos V5 Release 1.3.x or newer (this package\n\t  seems to work with recent versions of Heimdal also,\n\t  but I have not tested this extensively).\n\t- Creation of an application service principal on the\n\t  Kerberos server for use by this function.\n\t- Storing this principal and it's associated key in\n\t  a local keytab file.\n\nINSTALLATION:\n\n1. Edit the file \"setup.py\" if necessary, to reflect the proper\n   locations of the MIT Kerberos 5 libraries, include files, and\n   other paraphernalia for your system.\n\n2. Build the distribution:\n\n\tpython setup.py build\n\n3. Install it (probably as 'root' to install system wide):\n\n\tpython setup.py install\n\n   (If you just want to install the module in your home directory,\n   use \"python setup.py install --home $HOME\", which will usually \n   put it in $HOME/lib/python/)\n\n4. For testing the function, you'll need to edit the test/test1.py\n   file appropriately for your environment (or write your own\n   python code).\n\nShumon Huque\nE-mail: \u003cshuque -at- isc.upenn.edu\u003e\nWeb: http://www.huque.com/~shuque/\nUniversity of Pennsylvania.\n\nCopyright (c) 2005 - 2011, Shumon Huque. All rights reserved.  \nThis program is free software; you can redistribute it and/or modify \nit under the same terms as Python itself.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshuque%2Fpykpass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fshuque%2Fpykpass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fshuque%2Fpykpass/lists"}