vik

Reputation: 21

Can't access app with curl when using Flask-Kerberos

I am unable to access a Kerberos-enabled Flask app when the app is run with Flask-Kerberos instead of Apache with Kerberos.

When the script is run under Apache (where Apache is Kerberos enabled), I can access the url with curl (using the --negotiate option) as well as from a browser.

When the script is run as standalone using Kerberos-Flask, I can access the url from a browser, but not from curl. I get the following error with curl.

@krbapp.route('/')
@requires_authentication
def index(user):
    return "Hello, World!"

curl  --negotiate -u foo http://server:5113
Enter host password for user 'foo':
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1836, in __call__
    return self.wsgi_app(environ, start_response)
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1820, in wsgi_app
    response = self.make_response(self.handle_exception(e))
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1403, in handle_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1817, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1477, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1381, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1475, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python2.7/site-packages/Flask-0.10.1->py2.7.egg/flask/app.py", line 1461, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "/usr/local/lib/python2.7/site-packages/Flask_Kerberos-1.0.3->py2.7.egg/flask_kerberos.py", line 112, in decorated
    ctx.kerberos_token]) 
TypeError: sequence item 1: expected string, NoneType found

Upvotes: 1

Views: 1191

Answers (2)

vik

Reputation: 21

Found a workaround. This seems to be a bug in the Kerberos Flask library, but I will need to dig more. I commented out the two lines below in the Flask_Kerberos-1.0.3 library and now it works.

# response.headers['WWW-Authenticate'] = ' '.join(['negotiate',
#                                                  ctx.kerberos_token])

curl --negotiate -u: http://server:5005/

Hello, World!

And yes, it still performs Kerberos authentication after we comment out the above two lines.

curl http://server:5005/

Unauthorized

I hope this will be useful to others.

Upvotes: 1
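An added example, not code from the answer or from Flask-Kerberos: instead of deleting the header lines, guard them, so a `None` reply token (the value behind the TypeError in the traceback) is skipped while clients that do receive a server token still get it in `WWW-Authenticate`. It is a stand-alone model with no Flask or kerberos import; `requires_negotiate`, `gss_step`, `fake_gss_step` and the token values are hypothetical names and constructed data.

```python
# Added example: stand-alone model of a Negotiate-protected view.
# gss_step is a hypothetical stand-in for the server-side GSSAPI call; it
# returns (status, user, reply_token), and reply_token may be None.
from functools import wraps

COMPLETE, FAILED = "complete", "failed"


def requires_negotiate(gss_step):
    """Build a decorator; the wrapped view receives the authenticated user."""
    def decorator(view):
        @wraps(view)
        def decorated(request_headers):
            auth = request_headers.get("Authorization", "")
            scheme, _, client_token = auth.partition(" ")
            if scheme.lower() != "negotiate" or not client_token.strip():
                # No usable token: challenge the client.
                return 401, {"WWW-Authenticate": "Negotiate"}, "Unauthorized"
            status, user, reply_token = gss_step(client_token.strip())
            if status != COMPLETE:
                return 403, {}, "Forbidden"
            headers = {}
            # The guard: join only when a reply token exists. Joining with
            # None is what raises the TypeError shown in the question.
            if reply_token is not None:
                headers["WWW-Authenticate"] = " ".join(["negotiate", reply_token])
            return 200, headers, view(user)
        return decorated
    return decorator


def fake_gss_step(client_token):
    # Constructed behaviour: "tok-mutual" yields a reply token, "tok-plain"
    # authenticates without one, anything else fails.
    table = {
        "tok-mutual": (COMPLETE, "foo@EXAMPLE.COM", "cmVwbHk="),
        "tok-plain": (COMPLETE, "foo@EXAMPLE.COM", None),
    }
    return table.get(client_token, (FAILED, None, None))


@requires_negotiate(fake_gss_step)
def index(user):
    return "Hello, World!"
```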

PatNowak

Reputation: 5812

Did you try curl with the option --user username:password? As far as I can see, you pass the username without a password.

Upvotes: 0
