Skip to content

Commit ced2f24

Browse files
mdumandagmdumandag
authored
Add documentation for the Kerberos authentication (#453)
* Add documentation for the Kerberos authentication Added the documentation for the external package we provide for Kerberos authentication. * spn -> principal * correct the package name
1 parent f05112e commit ced2f24

File tree

1 file changed

+37
-3
lines changed

1 file changed

+37
-3
lines changed

docs/securing_client_connection.rst

Lines changed: 37 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -3,9 +3,9 @@ Securing Client Connection
33

44
This chapter describes the security features of Hazelcast Python client.
55
These include using TLS/SSL for connections between members and between
6-
clients and members, mutual authentication, username/password authentication
7-
and token authentication. These security features require
8-
**Hazelcast IMDG Enterprise** edition.
6+
clients and members, mutual authentication, username/password authentication,
7+
token authentication and Kerberos authentication. These security features
8+
require **Hazelcast IMDG Enterprise** edition.
99

1010
TLS/SSL
1111
-------
@@ -321,3 +321,37 @@ Using :class:`hazelcast.security.BasicTokenProvider` you can pass the given toke
321321
client = hazelcast.HazelcastClient(
322322
token_provider=token_provider
323323
)
324+
325+
Kerberos Authentication
326+
-----------------------
327+
328+
Python client supports Kerberos authentication with an external package.
329+
The package provides the necessary token provider that handles the
330+
authentication against the KDC (key distribution center) with the given
331+
credentials, receives and caches the ticket, and finally retrieves the token.
332+
333+
You can install the package from PyPI.
334+
335+
.. code:: bash
336+
337+
pip install hazelcast-kerberos
338+
339+
A sample code that makes use of the package is below.
340+
341+
.. code:: python
342+
343+
import hazelcast
344+
import hzkerberos
345+
346+
token_provider = hzkerberos.TokenProvider(
347+
principal="hz/172.17.0.2@EXAMPLE.COM",
348+
keytab="/etc/krb5.keytab",
349+
)
350+
351+
client = hazelcast.HazelcastClient(
352+
token_provider=token_provider
353+
)
354+
355+
For more information and possible client and server configurations, refer to
356+
the `documentation <https://pypi.org/project/hazelcast-kerberos/>`__ of the
357+
``hazelcast-kerberos`` package.

0 commit comments

Comments
 (0)