Hello - Does Django have any support for the web application itself being able to connect to MySQL using Kerberos Authentication / GSSAPI rather than a hard coded database user name and password?
I have searched around the web for a while and am still trying to find a way to get a Django web app itself to authenticate to a MySQL DB equipped with GSSAPI plugin via Kerberos. The Django app runs off Apache started in this way: k5start -u user/server@domain -f /etc/krb5.keytab -- /usr/sbin/httpd -DFOREGROUND The user/server user exists on the DB with adequate permissions. Moreover, on the command line this works and connects up fine: k5start -u user/server@domain -f /etc/krb5.keytab -- mysql -u user/server However, I've tried getting the web app to connect to the DB (the app itself, not worrying about the user authentication yet) about a million different ways. I verified the user running the web app is apache even when run started up the k5start way. Nonetheless any requests are met with this error: (1105, 'Client GSSAPI error (major 851968, minor 0) : gss_init_sec_context - Unspecified GSS failure. Minor code may provide more information. ') The settings.py configuration for the database is as follows: DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'my_database', 'USER': 'user/server@domain', #'PASSWORD' : '', 'HOST': 'localhost', # Or an IP Address that your DB is hosted on 'PORT': '3306', } } Server Specs: Django version: 2.2.8 Python version: 3.6.8 OS version: RHEL 7.8 (Maipo) MySQL version: 10.1.45-MariaDB MariaDB Server I am thinking perhaps Django is just not designed to work this way? I did trace some of the code in the packages Django uses to connect to MySQL and it appears to be something along the lines of mysql_connect / the MySQL Connector C libraries or whatnot. And from what I saw a lot of the parameters the code uses following the MySQL website documentation but there was one parameter 'auth_plugin' or something like that, which did not seem to be implemented. Yet at the same time it would seem like getting Django to connect to the DB via kerberos would be a common problem? Again, this is a separate problem I'm trying to solve besides authenticating users to the website, rather I'm hoping to allow the app itself to authenticate to the database with kerb ticket, and had been hoping starting up apache in a kerberized way might let that happen. Any suggestions from people more Kerberos knowledgeable than I? -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/7b12fcab-37e1-4bc9-b6e5-0c73a4437540%40googlegroups.com.