Cannot authenticate against Kerberized hgweb using Python 3
Steve - Gadget Barnes
GadgetSteve at hotmail.com
Mon Apr 27 06:18:04 UTC 2020
Anecdotal only but I have a utility at work which reads and searches for URLs in a downloaded pac.pac file to try to find & report the current working proxy/proxies for pip – what works varies a lot. I had to make some changes for python 3.7 when the pac.pac started leaving out the scheme part of the URLs (i.e. no http: or https:) which was to automatically insert the http: that our proxies normally use. But I have noticed that under python 3.8 I now get working proxy addresses reported both with and without the prefix.
So I think that one of the changes in Python 3.8 has resolved this issue – I would certainly suggest giving Python 3.8 a try of course it may not be related.
Steve Barnes
From: Mercurial <mercurial-bounces at mercurial-scm.org> On Behalf Of Augie Fackler
Sent: 26 April 2020 16:23
To: Geert Lorang <geert at lorang.be>
Cc: Mercurial mailing list <mercurial at mercurial-scm.org>
Subject: Re: Cannot authenticate against Kerberized hgweb using Python 3
Definitely file a bug about this if you haven't gotten answers. I suspect you're the first one to try this on Python 3, but you won't be the last and I'd really love to see our authentication options story improve.
On Feb 29, 2020, at 10:07, Geert Lorang <geert at lorang.be<mailto:geert at lorang.be>> wrote:
Hi list,
Trying to port https://bitbucket.org/domruf/hgssoauthentication/src/default/ to Merurial 5.3 with Python 3 but I'm running into following exception when either the extension is not loaded, no TGT or TGT expired:
$ hg pull
pulling from https://hidden/hg/testrepo/
** unknown exception encountered, please report by visiting
** https://mercurial-scm.org/wiki/BugTracker
** Python 3.7.5 (default, Nov 20 2019, 09:21:52) [GCC 9.2.1 20191008]
** Mercurial Distributed SCM (version 5.3)
** Extensions loaded: share, largefiles
...
ValueError: AbstractDigestAuthHandler does not support the following scheme: 'Negotiate'
When using Mercurial 5.3 with Python 2.7 there is no problem. After some investigating it seems Python 3.7's urllib will (now) unconditionally raise an exception when scheme is not digest or basic in AbstractDigestAuthHandler.
Python 2: /usr/lib/python2.7/urllib2.py:
class AbstractDigestAuthHandler:
def http_error_auth_reqed(self, authreq, host, req, headers):
if scheme.lower() == 'digest':
return self.retry_http_digest_auth(req, authreq)
Python 3: /usr/lib/python3.7/urllib/request.py
class AbstractDigestAuthHandler:
def http_error_auth_reqed(self, authreq, host, req, headers):
if scheme.lower() == 'digest':
return self.retry_http_digest_auth(req, authreq)
elif scheme.lower() != 'basic':
raise ValueError("AbstractDigestAuthHandler does not support"
" the following scheme: '%s'" % scheme)
Could I somehow override Mercurial from trying digest authentication (via the extension) and/or should Mercurial catch this exception and continue with other authentication mechanisms ?
Let me know if you need this as a bug in Bugzilla.
Thanks,
Geert
_______________________________________________
Mercurial mailing list
Mercurial at mercurial-scm.org<mailto:Mercurial at mercurial-scm.org>
https://www.mercurial-scm.org/mailman/listinfo/mercurial
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mercurial-scm.org/pipermail/mercurial/attachments/20200427/7853bb9c/attachment-0002.html>
More information about the Mercurial
mailing list