bloomberg / jupyterhub-kdcauthenticator Goto Github PK
View Code? Open in Web Editor NEWA Kerberos authenticator module for the JupyterHub platform
License: Apache License 2.0
jupyterhub-kdcauthenticator's People
Stargazers
Watchers
Forkers
joychak nocturnal316 twskipper wasperen kkukharuk rockie-yang ygree titan550 nekonyuu naheedmk jeffreyxcav swathisgr cerit-sc eminuzun stjordanisjupyterhub-kdcauthenticator's Issues
TypeError: argument 2 must be str, not dict
Hello,
I'm trying to use Kerberos for the Authentication process of JupyterHub and found your Authenticator module.
I get the following error message:
HTTPServerRequest(protocol='https', host='naf-belle-jhub.desy.de', method='POST', uri='/hub/login?next=', version='HTTP/1.1', remote_ip='::ffff:131.169.214.92')
Traceback (most recent call last):
File "/opt/conda/lib/python3.7/site-packages/tornado/web.py", line 1592, in _execute
result = yield result
File "/opt/conda/lib/python3.7/site-packages/jupyterhub/handlers/login.py", line 81, in post
user = await self.login_user(data)
File "/opt/conda/lib/python3.7/site-packages/jupyterhub/handlers/base.py", line 473, in login_user
authenticated = await self.authenticate(data)
File "/opt/conda/lib/python3.7/site-packages/jupyterhub/auth.py", line 257, in get_authenticated_user
authenticated = await maybe_future(self.authenticate(handler, data))
File "/opt/conda/lib/python3.7/types.py", line 277, in wrapped
coro = func(*args, **kwargs)
File "/root/jupyterhub-kdcauthenticator/kdcauthenticator/kdcauthenticator.py", line 148, in authenticate
rc = kerberos.authGSSServerStep(state, data)
TypeError: argument 2 must be str, not dict
When I searched the web, I found that pykerberos was needed instead of kerberos, but this seems to be the case on my system.
Any ideas what could be wrong?
Cheers,
Johannes
No key table entry found matching
Hello,
Trying to set up Jupyterhub to authenticate LDAP users against an existing KDC on a separate node.
So far, I have the following:
Dockerfile
FROM jupyterhub/jupyterhub
RUN apt-get update && \
apt-get install --no-install-recommends -y \
gcc \
libpam-krb5 \
krb5-user \
libkrb5-dev \
strace \
wget \
bzip2 \
ca-certificates \
p7zip-full
WORKDIR /opt/conda/bin/
RUN ./pip install git+https://github.com/bloomberg/jupyterhub-kdcauthenticator.git
RUN ./pip install kerberos
RUN ./pip install dockerspawner
# PAM_KRB5CCNAME is not set when opening the session for some reason and so we have to
# explicitly retain the cache created during auth instead.
# Also, turn on pam debug logging
RUN sed -i 's$1000$1000 ccache=/tmp/krb5cc_%u retain_after_close debug$' /etc/pam.d/common-auth
RUN sed -i 's$1000$1000 debug$' /etc/pam.d/common-session
# Configure kerberos
COPY krb5.conf /etc/
# Add the jupyterhub config
COPY jupyterhub_config.py /etc/jupyterhub/
# Add keytab file
COPY http-test.headless.keytab /etc/
WORKDIR /srv/jupyterhub
CMD KRB5_CONFIG="/etc/krb5.conf" KRB5_KTNAME="/etc/http-test.headless.keytab" jupyterhub --no-ssl --ip=0.0.0.0 --port=8000 --config="/etc/jupyterhub/jupyterhub_config.py" --log-level=DEBUG --Spawner.debug=True
jupyterhub_config.py
import os
c.JupyterHub.authenticator_class = 'kdcauthenticator.kdcauthenticator.KDCAuthenticator'
c.KDCAuthenticator.service_name = '[email protected]'
c.JupyterHub.spawner_class = 'dockerspawner.DockerSpawner'
notebook_dir = os.environ.get('DOCKER_NOTEBOOK_DIR') or '/home/{user}/notebook'
c.DockerSpawner.notebook_dir = notebook_dir
c.DockerSpawner.volumes = { 'jupyterhub-user-{username}': notebook_dir }
krb5.conf
[libdefaults]
renew_lifetime = 7d
forwardable = true
default_realm = MYDOMAIN.COM
ticket_lifetime = 24h
clock-skew = 300
# dns_lookup_realm = false
# dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
#default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
[domain_realm]
mydomain.com = MYDOMAIN.COM
.mydomain.com = MYDOMAIN.COM
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
MYDOMAIN.COM = {
admin_server = kerberos.mydomain.com
kdc = kerberos.mydomain.com
database_module = openldap_ldapconf
}
[dbdefaults]
ldap_kerberos_container_dn = cn=kerberos,dc=mydomaincomponent
[dbmodules]
openldap_ldapconf = {
db_library = kldap
ldap_kdc_dn = "cn=admin,dc=mydomaincomponent"
ldap_kadmind_dn = "cn=admin,dc=mydomaincomponent"
ldap_service_password_file = /etc/krb5kdc/service.keyfile
ldap_servers = ldap://kerberos.mydomain.com
ldap_conns_per_server = 5
}
However, when authenticating with a valid (LDAP) user, I get the following error:
JupyterHub kdcauthenticator:160] kerberos.GSSError: (('Unspecified GSS failure. Minor code may provide more information', 851968), ('No key table entry found matching http-test/mydomain.com@', 39756033))
kdcauthenticator Bad Configuration
I tried configuring JupyterHub for Kerberos as per the instructions laid in the link below
https://github.com/bloomberg/jupyterhub-kdcauthenticator
I have the Keytab generated for the service account and have set the environment variables too on my Linux machine. I get this error below
[C 2018-07-27 17:24:55.678 JupyterHub application:90] Bad config encountered during initialization:
[C 2018-07-27 17:24:55.678 JupyterHub application:91] The 'authenticator_class' trait of <jupyterhub.app.JupyterHub object at 0x7fdc94cf28d0> instance must be a type, but 'kdcauthenticator.kdcauthenticator.KDCAuthenticator' could not be imported
'kdcauthenticator.kdcauthenticator.KDCAuthenticator' could not be imported
I tried using this KDCAuthenticator (https://github.com/joychak/jupyterhub-kdcauthenticator) . It installed fine on myJupyterhub server but when I try to use it I get the following error:
[JupyterHub application:90] Bad config encountered during initialization:
[JupyterHub application:91] The 'authenticator_class' trait of <jupyterhub.app.JupyterHub object at 0x7fe67485d860> instance must be a type, but 'kdcauthenticator.kdcauthenticator.KDCAuthenticator' could not be imported
For some reason it can't find the installed Authenticator. Do I need to do any extra steps to let jupyter aware of this newly installed Authenticator?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.