Cannot authenticate against Kerberized hgweb using Python 3

Augie Fackler raf at durin42.com
Sun Apr 26 15:23:25 UTC 2020


Definitely file a bug about this if you haven't gotten answers. I suspect
you're the first one to try this on Python 3, but you won't be the last and
I'd really love to see our authentication options story improve.


On Feb 29, 2020, at 10:07, Geert Lorang <geert at lorang.be> wrote:

Hi list,

Trying to port https://bitbucket.org/domruf/hgssoauthentication/src/default/
to Merurial 5.3 with Python 3 but I'm running into following exception when
either the extension is not loaded, no TGT or TGT expired:

$ hg pull
pulling from https://hidden/hg/testrepo/
** unknown exception encountered, please report by visiting
** https://mercurial-scm.org/wiki/BugTracker
** Python 3.7.5 (default, Nov 20 2019, 09:21:52) [GCC 9.2.1 20191008]
** Mercurial Distributed SCM (version 5.3)
** Extensions loaded: share, largefiles
...
ValueError: AbstractDigestAuthHandler does not support the following
scheme: 'Negotiate'

When using Mercurial 5.3 with Python 2.7 there is no problem. After some
investigating it seems Python 3.7's urllib will (now) unconditionally raise
an exception when scheme is not digest or basic in
AbstractDigestAuthHandler.

Python 2: /usr/lib/python2.7/urllib2.py:

class AbstractDigestAuthHandler:

    def http_error_auth_reqed(self, authreq, host, req, headers):

            if scheme.lower() == 'digest':
                return self.retry_http_digest_auth(req, authreq)

Python 3: /usr/lib/python3.7/urllib/request.py

class AbstractDigestAuthHandler:

    def http_error_auth_reqed(self, authreq, host, req, headers):

            if scheme.lower() == 'digest':
                return self.retry_http_digest_auth(req, authreq)
            elif scheme.lower() != 'basic':
                raise ValueError("AbstractDigestAuthHandler does not
support"
                                 " the following scheme: '%s'" % scheme)

Could I somehow override Mercurial from trying digest authentication (via
the extension) and/or should Mercurial catch this exception and continue
with other authentication mechanisms ?

Let me know if you need this as a bug in Bugzilla.

Thanks,
Geert

_______________________________________________
Mercurial mailing list
Mercurial at mercurial-scm.org
https://www.mercurial-scm.org/mailman/listinfo/mercurial
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.mercurial-scm.org/pipermail/mercurial/attachments/20200426/05f7f98b/attachment.html>


More information about the Mercurial mailing list