- Raised minimum Python version to 3.8
- Changed project build metadata to use PEP 518 pyproject.toml
- Make Channel Binding data per-host
- Added support for explicit passwords using the
password
kwarg
- Added support for proxy authentication with
HTTP
endpoints. - Support for proxying
HTTPS
endpoints is not available due to limitations of the underlying requests/urllib3 library. - Fixed up stray bytes to str conversion.
- Change Kerberos dependencies to pyspnego to modernise the underlying Kerberos library that is used.
- Removed the
wrap_winrm
andunwrap_winrm
functions - Dropped support for Python 2 and raised minimum Python version to 3.6.
- Renamed the
context
attribute to_context
to indicate it's meant for internal use only. - Fix Negotiate header regex pattern to avoid DoS affected patterns
- Add support for channel binding tokens (assumes pykerberos support >= 1.2.1)
- CBT is enabled by default but for older servers which might have
compatibility issues this can be disabled with
send_cbt=False
. - Add support for kerberos message encryption (assumes pykerberos support >= 1.2.1)
- Misc CI/test fixes
- Switch dependency on Windows from kerberos-sspi/pywin32 to WinKerberos. This brings Custom Principal support to Windows users.
- Make it possible to receive errors without having their contents and headers stripped.
- Resolve a bug caused by passing the
principal
keyword argument to kerberos-sspi on Windows.
- Support for principal, hostname, and realm override.
- Added support for mutual auth.
- Support for Kerberos delegation.
- Fixed problems declaring kerberos-sspi on Windows installs.
- Added Windows native authentication support by adding kerberos-sspi as an alternative backend.
- Prevent infinite recursion when a server returns 401 to an authorization attempt.
- Reduce the logging during successful responses.
- Fix HTTPKerberosAuth not to treat non-file as a file
- Prevent infinite recursion when GSSErrors occurs
Handle mutual authentication (see pull request 36)
All users should upgrade immediately. This has been reported to oss-security and we are awaiting a proper CVE identifier.
Update: We were issued CVE-2014-8650
Distribute as a wheel.
- Allow non-HTTP service principals with HTTPKerberosAuth using a new optional
argument
service
. - Fix bug in
setup.py
on distributions where thecompiler
module is not available. - Add test dependencies to
setup.py
sopython setup.py test
will work.
- Minor updates in the README
- Change requirements to depend on requests above 1.1.0
- Work with servers operating on non-standard ports
- Not documented
- Initial Release