CODEWITHSUNDEEP
pythonflaskkerberos
user3027865
user3027865

Reputation: 11

Flask_kerberos KrbError: ('Principal not found in keytab', -1)

I am trying to integrate kerberos with flask/python. I have followed the steps in docs.

I get the error mentioned whenever I try to get principal details.

principal = kerberos.getServerPrincipalDetails('http', '10.113.41.11')

This is my keytab details:

Keytab name: FILE:crme1.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 04/26/2019 12:25:50 crme/[email protected]
   1 04/26/2019 12:25:50 crme/[email protected]

Upvotes: 1

Views: 1097

Answers (1)

John B
John B

Reputation: 3601

The problem is exactly as the error message states - you've told the kerberos library to get a service principal from the keytab, but the keytab doesn't contain an entry for that service principal.

For your example code, your keytab should contain a service principal called "HTTP/10.113.41.11". (Note, I don't recommend IP addresses for this kind of thing, because it's a lot harder to read them, but I don't know of any reason that it wouldn't work.)

You need to generate a keytab for HTTP/10.113.41.11 on your KDC and then make put this keytab on the flask host.

When errors like this appear unclear, it's usually because your mental model of the overall Kerberos picture is missing something. Are you sure you understand what a service princiapl is, and what a keytab is, and how the workflow goes during authentication?

Upvotes: 1

Related Questions