Metadata-Version: 1.1
Name: kdcproxy
Version: 0.2.1
Summary: A kerberos KDC HTTP proxy WSGI module.
Home-page: http://github.com/npmccallum/kdcproxy
Author: Nalin Dahyabhai, Nathaniel McCallum
Author-email: nalin@redhat.com, npmccallum@redhat.com
License: MIT
Description: Welcome to kdcproxy!
        =====================
        
        This package contains a WSGI module for proxying KDC requests over HTTP by
        following the [MS-KKDCP] protocol. It aims to be simple to deploy, with
        minimal configuration.
        
        Deploying kdcproxy
        ==================
        
        The kdcproxy module follows the standard WSGI protocol for deploying Python
        web applications. This makes configuration simple. Simply load up your favorite
        WSGI-enabled web server and point it to the module. For example, if you wish
        to use mod_wsgi, try something like this:
        
            WSGIScriptAlias /kdc /path/to/kdcproxy/__init__.py
        
        For more information, see the documentation of your WSGI server.
        
        Configuring kdcproxy
        ====================
        
        When kdcproxy receives a request, it needs to know where to proxy it to. This
        is the purpose of configuration: discovering where to send kerberos requests.
        
        One important note: where the underlying configuration does not specify TCP or
        UDP, both will be attempted. TCP will be attempted before UDP. This permits the
        use of longer timeouts and prevents possible lockouts when the KDC packets
        contain OTP token codes (which should preferably be sent to only one server).
        
        Automatic Configuration
        -----------------------
        By default, no configuration is necessary. In this case, kdcproxy will use
        REALM DNS SRV record lookups to determine remote KDC locations.
        
        Master Configuration File
        -------------------------
        If you wish to have more detailed configuration, the first place you can
        configure kdcproxy is the master configuration file. This file exists at the
        location specified in the environment variable KDCPROXY_CONFIG. If this
        variable is unspecified, the default location is /etc/kdcproxy.conf. This
        configuration file takes precedence over all other configuration modules. This
        file is an ini-style configuration with a special section **[global]**. Two
        parameters are available in this section: **configs** and **use_dns**.
        
        The **use_dns** allows you to enable or disable use of DNS SRV record lookups.
        
        The **configs** parameter allows you to load other configuration modules for
        finding configuration in other places. The configuration modules specified in
        here will have priority in the order listed. For instance, if you wished to
        read configuration from MIT libkrb5, you would set the following:
        
            [global]
            configs = mit
        
        Aside from the **[global]** section, you may also specify manual configuration
        for realms. In this case, each section is the name of the realm and the
        parameters are **kerberos** or **kpasswd**. These specify the locations of the
        remote servers for krb5 AS requests and kpasswd requests, respectively. For
        example:
        
            [EXAMPLE.COM]
            kerberos = kerberos+tcp://kdc.example.com:88
            kpasswd = kpasswd+tcp://kpasswd.example.com:464
        
        The realm configuration parameters may list multiple servers separated by a
        space. The order the realms are specified in will be respected by kdcproxy when
        forwarding requests. The port number is optional. Possible schemes are:
        
        * kerberos://
        * kerberos+tcp://
        * kerberos+udp://
        * kpasswd://
        * kpasswd+tcp://
        * kpasswd+udp://
        
        MIT libkrb5
        -----------
        
        If you load the **mit** config module in the master configuration file,
        kdcproxy will also read the config using libkrb5 (usually /etc/krb5.conf). If
        this module is used, kdcproxy will respect the DNS settings from the
        **[libdefaults]** section and the realm configuration from the **[realms]**
        section.
        
        For more information, see the documentation for MIT's krb5.conf.
        
        [MS-KKDCP]: http://msdn.microsoft.com/en-us/library/hh553774.aspx
        
        
Keywords: krb5 proxy http https kerberos
Platform: UNKNOWN
Classifier: Development Status :: 3 - Alpha
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 2.7
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Internet :: Proxy Servers
Requires: pyasn1
Requires: dnspython
