def __init__(self, settings):
    """Keep the settings and prepare an unstarted WSNET-backed NTLM context.

    ``mode``, ``operator``, ``client``, ``target`` and ``session_key`` start
    as None and the sequence number starts at 0.
    """
    self.settings = settings
    self.mode = None  # 'CLIENT'
    # The constructors run in the same order as before: WSNETAuth() first,
    # the NTLM handler last.
    self.sspi = WSNETAuth()
    self.operator = self.client = self.target = None
    self.seq_number = 0
    self.session_key = None
    handler_settings = NTLMHandlerSettings(None, 'MANUAL')
    self.ntlm_ctx = NTLMAUTHHandler(handler_settings)
def __init__(self, settings):
    """Keep the settings and prepare an unstarted NTLM context.

    No SSPI object is created here (``self.sspi`` stays None) and this
    variant sets no ``seq_number``.
    """
    self.settings = settings
    self.mode = None  # 'CLIENT'
    self.sspi = self.operator = self.client = self.target = None
    # self.ntlmChallenge = None
    self.session_key = None
    handler_settings = NTLMHandlerSettings(None, 'MANUAL')
    self.ntlm_ctx = NTLMAUTHHandler(handler_settings)
def __init__(self, settings):
    """Keep the settings and create the SSPI proxy client for the agent.

    The proxy URL is assembled from ``settings.proto``, ``settings.host`` and
    ``settings.port``; ``settings.agent_id`` is passed to the proxy as-is.
    """
    self.settings = settings
    self.mode = None  # 'CLIENT'
    endpoint = (self.settings.proto, self.settings.host, self.settings.port)
    url = '%s://%s:%s' % endpoint
    self.sspi = WSNETSSPIProxy(url, self.settings.agent_id)
    self.operator = self.client = self.target = None
    self.seq_number = 0
    self.session_key = None
    handler_settings = NTLMHandlerSettings(None, 'MANUAL')
    self.ntlm_ctx = NTLMAUTHHandler(handler_settings)
def __init__(self, settings):
    """Set up a client-mode NTLM SSPI context from ``settings``.

    Copies username, password and domain from ``settings`` and chooses the
    ISC_REQ context flags from ``settings.encrypt``.
    """
    self.settings = settings
    self.mode = 'CLIENT'
    self.username = settings.username
    self.password = settings.password
    self.domain = settings.domain
    self.actual_ctx_flags = None
    # Only CONFIDENTIALITY is added when encryption is requested. The author
    # left a wider set commented out (REPLAY_DETECT, USE_SESSION_KEY,
    # INTEGRITY, SEQUENCE_DETECT), so those are not requested here.
    # `is True` is kept on purpose: a truthy non-bool value does not enable it.
    want_sealing = settings.encrypt is True
    self.flags = (
        ISC_REQ.CONNECTION | ISC_REQ.CONFIDENTIALITY
        if want_sealing
        else ISC_REQ.CONNECTION
    )
    self.sspi = NTLMMSLDAPSSPI()
    self.seq_number = 0
    self.session_key = None
    handler_settings = NTLMHandlerSettings(None, 'MANUAL')
    self.ntlm_ctx = NTLMAUTHHandler(handler_settings)
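def build(self):
    """Build the authentication object selected by ``self.creds.auth_method``.

    SICILY returns a bare NTLM handler and SIMPLE/PLAIN return a credential
    object. The NTLM, Kerberos, SSPI and MULTIPLEXOR methods return a SPNEGO
    object with one auth context added. An auth method that matches no
    branch falls through and returns None.

    Raises:
        Exception: when the password is missing for NTLM, when the Kerberos
            target, host or dc_ip is missing, or when no secret type fits.
    """
    ntlm_mech = 'NTLMSSP - Microsoft NTLM Security Support Provider'
    krb_mech = 'MS KRB5 - Microsoft Kerberos 5'
    method = self.creds.auth_method

    if method == LDAPAuthProtocol.SICILY:
        ntlmcred = MSLDAPNTLMCredential()
        ntlmcred.username = self.creds.username
        ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
        ntlmcred.workstation = None
        ntlmcred.is_guest = False
        ntlmcred.encrypt = self.creds.encrypt
        if self.creds.password is None:
            raise Exception('NTLM authentication requres password/NT hash!')

        if len(self.creds.password) == 32:
            # A 32-character secret that parses as hex is used as an NT hash,
            # so a real password of exactly 32 hex characters is also treated
            # as a hash. Only the parsing errors are caught; the bare except
            # also swallowed KeyboardInterrupt and similar.
            try:
                bytes.fromhex(self.creds.password)
            except (ValueError, TypeError):
                ntlmcred.password = self.creds.password
            else:
                ntlmcred.nt_hash = self.creds.password
        else:
            ntlmcred.password = self.creds.password

        settings = NTLMHandlerSettings(ntlmcred)
        return NTLMAUTHHandler(settings)

    elif method == LDAPAuthProtocol.SIMPLE:
        # NOTE(review): SIMPLE builds the *PLAIN* credential class and PLAIN
        # (next branch) builds the *SIMPLE* one. The names look crossed;
        # confirm against the credential classes before relying on either.
        cred = MSLDAPPLAINCredential()
        cred.username = self.creds.username
        cred.domain = self.creds.domain
        cred.password = self.creds.password
        return cred

    elif method == LDAPAuthProtocol.PLAIN:
        cred = MSLDAPSIMPLECredential()
        cred.username = self.creds.username
        cred.domain = self.creds.domain
        cred.password = self.creds.password
        return cred

    elif method in [LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT]:
        ntlmcred = MSLDAPNTLMCredential()
        ntlmcred.username = self.creds.username
        ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
        ntlmcred.workstation = None
        ntlmcred.is_guest = False
        ntlmcred.encrypt = self.creds.encrypt
        if self.creds.password is None:
            raise Exception('NTLM authentication requres password!')

        if method == LDAPAuthProtocol.NTLM_PASSWORD:
            ntlmcred.password = self.creds.password
        elif method == LDAPAuthProtocol.NTLM_NT:
            ntlmcred.nt_hash = self.creds.password
        else:
            raise Exception('Unknown NTLM auth method!')

        settings = NTLMHandlerSettings(ntlmcred)
        handler = NTLMAUTHHandler(settings)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(ntlm_mech, handler)
        return spneg

    elif method in [
        LDAPAuthProtocol.KERBEROS_RC4,
        LDAPAuthProtocol.KERBEROS_NT,
        LDAPAuthProtocol.KERBEROS_AES,
        LDAPAuthProtocol.KERBEROS_PASSWORD,
        LDAPAuthProtocol.KERBEROS_CCACHE,
        LDAPAuthProtocol.KERBEROS_KEYTAB,
    ]:
        if self.target is None:
            raise Exception('Target must be specified with Kerberos!')
        if self.target.host is None:
            raise Exception('target must have a domain name or hostname for kerberos!')
        if self.target.dc_ip is None:
            raise Exception('target must have a dc_ip for kerberos!')

        kcred = MSLDAPKerberosCredential()
        kc = KerberosCredential()
        kc.username = self.creds.username
        kc.domain = self.creds.domain

        # Kerberos etype numbers: 23 = rc4-hmac, 17 = aes128-cts-hmac-sha1-96,
        # 18 = aes256-cts-hmac-sha1-96.
        kcred.enctypes = []
        if method == LDAPAuthProtocol.KERBEROS_PASSWORD:
            kc.password = self.creds.password
            kcred.enctypes = [23, 17, 18]
        elif method == LDAPAuthProtocol.KERBEROS_NT:
            kc.nt_hash = self.creds.password
            kcred.enctypes = [23]
        elif method == LDAPAuthProtocol.KERBEROS_AES:
            # The key size is inferred from the hex string length. Any other
            # length sets no key and leaves kcred.enctypes empty.
            if len(self.creds.password) == 32:
                kc.kerberos_key_aes_128 = self.creds.password
                kcred.enctypes = [17]
            elif len(self.creds.password) == 64:
                kc.kerberos_key_aes_256 = self.creds.password
                kcred.enctypes = [18]
        elif method == LDAPAuthProtocol.KERBEROS_RC4:
            kc.kerberos_key_rc4 = self.creds.password
            kcred.enctypes = [23]
        elif method == LDAPAuthProtocol.KERBEROS_CCACHE:
            kc.ccache = self.creds.password
            kcred.enctypes = [23, 17, 18]
        elif method == LDAPAuthProtocol.KERBEROS_KEYTAB:
            kc.keytab = self.creds.password
            kcred.enctypes = [23, 17, 18]
        else:
            raise Exception('No suitable secret type found to set up kerberos!')

        if self.creds.etypes is not None:
            # The intersection may be empty, and the set round-trip does not
            # keep the preference order of the list above.
            kcred.enctypes = list(
                set(self.creds.etypes).intersection(set(kcred.enctypes)))

        kcred.ccred = kc
        kcred.spn = KerberosSPN.from_target_string(self.target.to_target_string())
        kcred.target = KerberosTarget(self.target.dc_ip)
        kcred.encrypt = self.creds.encrypt

        if self.target.proxy is not None:
            # Reuse the LDAP proxy settings, pointed at the DC's Kerberos
            # port. Deep copies keep the LDAP target's proxy object unchanged.
            kcred.target.proxy = KerberosProxy()
            kcred.target.proxy.type = self.target.proxy.type
            kcred.target.proxy.target = copy.deepcopy(self.target.proxy.target)
            kcred.target.proxy.target.endpoint_ip = self.target.dc_ip
            kcred.target.proxy.target.endpoint_port = 88
            kcred.target.proxy.creds = copy.deepcopy(self.target.proxy.auth)

        handler = MSLDAPKerberos(kcred)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(krb_mech, handler)
        return spneg

    elif method == LDAPAuthProtocol.SSPI_KERBEROS:
        if self.target is None:
            raise Exception('Target must be specified with Kerberos SSPI!')

        kerbcred = MSLDAPKerberosSSPICredential()
        # The domain goes on `.domain`. It used to be written to `.username`
        # and then overwritten by the next line, so it was always dropped.
        kerbcred.domain = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
        kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
        kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
        kerbcred.spn = self.target.to_target_string()
        kerbcred.encrypt = self.creds.encrypt

        handler = MSLDAPKerberosSSPI(kerbcred)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(krb_mech, handler)
        return spneg

    elif method == LDAPAuthProtocol.SSPI_NTLM:
        ntlmcred = MSLDAPNTLMSSPICredential()
        # Same fix as the SSPI Kerberos branch: keep domain and username apart.
        ntlmcred.domain = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
        ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
        ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
        ntlmcred.encrypt = self.creds.encrypt

        handler = MSLDAPNTLMSSPI(ntlmcred)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(ntlm_mech, handler)
        return spneg

    elif method.value.startswith('MULTIPLEXOR'):
        if method in [
            LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM,
            LDAPAuthProtocol.MULTIPLEXOR_NTLM,
        ]:
            from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor

            mpcred = MSLDAPMultiplexorCredential()
            mpcred.type = 'NTLM'
            # Only placeholders are written below, never the supplied values.
            if self.creds.username is not None:
                mpcred.username = '******'
            if self.creds.domain is not None:
                mpcred.domain = '<CURRENT>'
            if self.creds.password is not None:
                mpcred.password = '******'
            mpcred.is_guest = False
            mpcred.is_ssl = method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM
            mpcred.parse_settings(self.creds.settings)
            mpcred.encrypt = self.creds.encrypt

            handler = MSLDAPNTLMMultiplexor(mpcred)

            # setting up SPNEGO
            spneg = SPNEGO()
            spneg.add_auth_context(ntlm_mech, handler)
            return spneg

        elif method in [
            LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
            LDAPAuthProtocol.MULTIPLEXOR_KERBEROS,
        ]:
            from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor

            mpcred = MSLDAPMultiplexorCredential()
            mpcred.type = 'KERBEROS'
            mpcred.target = self.target
            if self.creds.username is not None:
                mpcred.username = '******'
            if self.creds.domain is not None:
                mpcred.domain = '<CURRENT>'
            if self.creds.password is not None:
                mpcred.password = '******'
            mpcred.is_guest = False
            # Test the Kerberos SSL method here. Comparing with
            # MULTIPLEXOR_SSL_NTLM can never match in this branch, so is_ssl
            # was always False even when the SSL variant was requested.
            mpcred.is_ssl = method == LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS
            mpcred.parse_settings(self.creds.settings)
            mpcred.encrypt = self.creds.encrypt

            handler = MSLDAPKerberosMultiplexor(mpcred)

            # setting up SPNEGO
            spneg = SPNEGO()
            spneg.add_auth_context(krb_mech, handler)
            return spneg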
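def build(self):
    """Build the authentication object selected by ``self.creds.auth_method``.

    SICILY returns a bare NTLM handler and SIMPLE/PLAIN return a credential
    object. The NTLM, Kerberos, SSPI, MULTIPLEXOR, SSPIPROXY and WSNET
    methods return a SPNEGO object with one auth context added. An auth
    method that matches no branch falls through and returns None.

    For the PFX, PEM and CERTSTORE Kerberos methods this also overwrites
    ``self.creds.username``, ``self.creds.domain`` and ``self.target.domain``
    with the values from the loaded credential.

    Raises:
        Exception: when the password is missing for NTLM, when the Kerberos
            target, host or dc_ip is missing, or when no secret type fits.
    """
    ntlm_mech = 'NTLMSSP - Microsoft NTLM Security Support Provider'
    krb_mech = 'MS KRB5 - Microsoft Kerberos 5'
    method = self.creds.auth_method

    if method == LDAPAuthProtocol.SICILY:
        ntlmcred = MSLDAPNTLMCredential()
        ntlmcred.username = self.creds.username
        ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
        ntlmcred.workstation = None
        ntlmcred.is_guest = False
        ntlmcred.encrypt = self.creds.encrypt
        if self.creds.password is None:
            raise Exception('NTLM authentication requres password/NT hash!')

        if len(self.creds.password) == 32:
            # A 32-character secret that parses as hex is used as an NT hash,
            # so a real password of exactly 32 hex characters is also treated
            # as a hash. Only the parsing errors are caught; the bare except
            # also swallowed KeyboardInterrupt and similar.
            try:
                bytes.fromhex(self.creds.password)
            except (ValueError, TypeError):
                ntlmcred.password = self.creds.password
            else:
                ntlmcred.nt_hash = self.creds.password
        else:
            ntlmcred.password = self.creds.password

        settings = NTLMHandlerSettings(ntlmcred)
        return NTLMAUTHHandler(settings)

    elif method == LDAPAuthProtocol.SIMPLE:
        # NOTE(review): SIMPLE builds the *PLAIN* credential class and PLAIN
        # (next branch) builds the *SIMPLE* one. The names look crossed;
        # confirm against the credential classes before relying on either.
        cred = MSLDAPPLAINCredential()
        cred.username = self.creds.username
        cred.domain = self.creds.domain
        cred.password = self.creds.password
        return cred

    elif method == LDAPAuthProtocol.PLAIN:
        cred = MSLDAPSIMPLECredential()
        cred.username = self.creds.username
        cred.domain = self.creds.domain
        cred.password = self.creds.password
        return cred

    elif method in [LDAPAuthProtocol.NTLM_PASSWORD, LDAPAuthProtocol.NTLM_NT]:
        ntlmcred = MSLDAPNTLMCredential()
        ntlmcred.username = self.creds.username
        ntlmcred.domain = self.creds.domain if self.creds.domain is not None else ''
        ntlmcred.workstation = None
        ntlmcred.is_guest = False
        ntlmcred.encrypt = self.creds.encrypt
        if self.creds.password is None:
            raise Exception('NTLM authentication requres password!')

        if method == LDAPAuthProtocol.NTLM_PASSWORD:
            ntlmcred.password = self.creds.password
        elif method == LDAPAuthProtocol.NTLM_NT:
            ntlmcred.nt_hash = self.creds.password
        else:
            raise Exception('Unknown NTLM auth method!')

        settings = NTLMHandlerSettings(ntlmcred)
        handler = NTLMAUTHHandler(settings)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(ntlm_mech, handler)
        return spneg

    elif method in [
        LDAPAuthProtocol.KERBEROS_RC4,
        LDAPAuthProtocol.KERBEROS_NT,
        LDAPAuthProtocol.KERBEROS_AES,
        LDAPAuthProtocol.KERBEROS_PASSWORD,
        LDAPAuthProtocol.KERBEROS_CCACHE,
        LDAPAuthProtocol.KERBEROS_KEYTAB,
        LDAPAuthProtocol.KERBEROS_KIRBI,
        LDAPAuthProtocol.KERBEROS_PFX,
        LDAPAuthProtocol.KERBEROS_PEM,
        LDAPAuthProtocol.KERBEROS_CERTSTORE,
    ]:
        if self.target is None:
            raise Exception('Target must be specified with Kerberos!')
        if self.target.host is None:
            raise Exception('target must have a domain name or hostname for kerberos!')
        if self.target.dc_ip is None:
            raise Exception('target must have a dc_ip for kerberos!')

        kcred = MSLDAPKerberosCredential()

        # File- and store-backed secrets are loaded through the
        # KerberosCredential constructors; for these methods
        # self.creds.password is passed where the file argument goes.
        if method == LDAPAuthProtocol.KERBEROS_KIRBI:
            kc = KerberosCredential.from_kirbi(
                self.creds.password, self.creds.username, self.creds.domain)
        elif method == LDAPAuthProtocol.KERBEROS_CCACHE:
            kc = KerberosCredential.from_ccache_file(
                self.creds.password, self.creds.username, self.creds.domain)
        elif method == LDAPAuthProtocol.KERBEROS_KEYTAB:
            # NOTE(review): this loads the keytab with from_kirbi(), the same
            # call as the KIRBI branch. It looks like a copy-paste slip;
            # confirm which constructor is meant for keytab files.
            kc = KerberosCredential.from_kirbi(
                self.creds.password, self.creds.username, self.creds.domain)
        elif method == LDAPAuthProtocol.KERBEROS_PFX:
            kc = KerberosCredential.from_pfx_file(
                self.creds.username, self.creds.password,
                username=self.creds.altname, domain=self.creds.altdomain)
            # The identity now comes from the loaded credential, so it is
            # copied back onto the shared creds and target objects.
            self.creds.username = kc.username
            self.creds.domain = kc.domain
            self.target.domain = kc.domain
        elif method == LDAPAuthProtocol.KERBEROS_PEM:
            kc = KerberosCredential.from_pem_file(
                self.creds.username, self.creds.password,
                username=self.creds.altname, domain=self.creds.altdomain)
            self.creds.username = kc.username
            self.creds.domain = kc.domain
            self.target.domain = kc.domain
        elif method == LDAPAuthProtocol.KERBEROS_CERTSTORE:
            # username is the CN of the certificate
            # secret is the name of the certstore, default: MY
            certstore = self.creds.secret if self.creds.secret is not None else 'MY'
            kc = KerberosCredential.from_windows_certstore(
                self.creds.username, certstore,
                username=self.creds.altname, domain=self.creds.altdomain)
            self.creds.username = kc.username
            self.creds.domain = kc.domain
            self.target.domain = kc.domain
        else:
            kc = KerberosCredential()
            kc.username = self.creds.username
            kc.domain = self.creds.domain

        # Kerberos etype numbers: 23 = rc4-hmac, 17 = aes128-cts-hmac-sha1-96,
        # 18 = aes256-cts-hmac-sha1-96.
        kcred.enctypes = []
        if method == LDAPAuthProtocol.KERBEROS_PASSWORD:
            kc.password = self.creds.password
            kcred.enctypes = [23, 17, 18]
        elif method == LDAPAuthProtocol.KERBEROS_NT:
            kc.nt_hash = self.creds.password
            kcred.enctypes = [23]
        elif method == LDAPAuthProtocol.KERBEROS_AES:
            # The key size is inferred from the hex string length. Any other
            # length sets no key and leaves kcred.enctypes empty.
            if len(self.creds.password) == 32:
                kc.kerberos_key_aes_128 = self.creds.password
                kcred.enctypes = [17]
            elif len(self.creds.password) == 64:
                kc.kerberos_key_aes_256 = self.creds.password
                kcred.enctypes = [18]
        elif method == LDAPAuthProtocol.KERBEROS_RC4:
            kc.kerberos_key_rc4 = self.creds.password
            kcred.enctypes = [23]
        elif method == LDAPAuthProtocol.KERBEROS_CCACHE:
            kcred.enctypes = [23, 17, 18]  # TODO: fix this
        elif method == LDAPAuthProtocol.KERBEROS_KEYTAB:
            kc.keytab = self.creds.password
            kcred.enctypes = [23, 17, 18]  # TODO: fix this
        elif method == LDAPAuthProtocol.KERBEROS_KIRBI:
            kcred.enctypes = [23, 17, 18]  # TODO: fix this
        elif method in [
            LDAPAuthProtocol.KERBEROS_PFX,
            LDAPAuthProtocol.KERBEROS_CERTSTORE,
            LDAPAuthProtocol.KERBEROS_PEM,
        ]:
            kcred.enctypes = [17, 18]
        else:
            raise Exception('No suitable secret type found to set up kerberos!')

        if self.creds.etypes is not None:
            # The intersection may be empty, and the set round-trip does not
            # keep the preference order of the list above.
            kcred.enctypes = list(
                set(self.creds.etypes).intersection(set(kcred.enctypes)))

        kcred.ccred = kc
        kcred.spn = KerberosSPN.from_target_string(self.target.to_target_string())
        kcred.target = KerberosTarget(self.target.dc_ip)
        kcred.encrypt = self.creds.encrypt

        if self.target.proxy is not None:
            # Reuse the LDAP proxy settings; the last element of the copied
            # target sequence is pointed at the DC's Kerberos port.
            kcred.target.proxy = KerberosProxy()
            kcred.target.proxy.type = self.target.proxy.type
            kcred.target.proxy.target = copy.deepcopy(self.target.proxy.target)
            kcred.target.proxy.target[-1].endpoint_ip = self.target.dc_ip
            kcred.target.proxy.target[-1].endpoint_port = 88

        handler = MSLDAPKerberos(kcred)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(krb_mech, handler)
        return spneg

    elif method == LDAPAuthProtocol.SSPI_KERBEROS:
        if self.target is None:
            raise Exception('Target must be specified with Kerberos SSPI!')

        kerbcred = MSLDAPKerberosSSPICredential()
        # The domain goes on `.domain`. It used to be written to `.username`
        # and then overwritten by the next line, so it was always dropped.
        kerbcred.domain = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
        kerbcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
        kerbcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
        kerbcred.spn = self.target.to_target_string()
        kerbcred.encrypt = self.creds.encrypt

        handler = MSLDAPKerberosSSPI(kerbcred)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(krb_mech, handler)
        return spneg

    elif method == LDAPAuthProtocol.SSPI_NTLM:
        ntlmcred = MSLDAPNTLMSSPICredential()
        # Same fix as the SSPI Kerberos branch: keep domain and username apart.
        ntlmcred.domain = self.creds.domain if self.creds.domain is not None else '<CURRENT>'
        ntlmcred.username = self.creds.username if self.creds.username is not None else '<CURRENT>'
        ntlmcred.password = self.creds.password if self.creds.password is not None else '<CURRENT>'
        ntlmcred.encrypt = self.creds.encrypt

        handler = MSLDAPNTLMSSPI(ntlmcred)

        # setting up SPNEGO
        spneg = SPNEGO()
        spneg.add_auth_context(ntlm_mech, handler)
        return spneg

    elif method.value.startswith('MULTIPLEXOR'):
        if method in [
            LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM,
            LDAPAuthProtocol.MULTIPLEXOR_NTLM,
        ]:
            from msldap.authentication.ntlm.multiplexor import MSLDAPNTLMMultiplexor

            mpcred = MSLDAPMultiplexorCredential()
            mpcred.type = 'NTLM'
            # Only placeholders are written below, never the supplied values.
            if self.creds.username is not None:
                mpcred.username = '******'
            if self.creds.domain is not None:
                mpcred.domain = '<CURRENT>'
            if self.creds.password is not None:
                mpcred.password = '******'
            mpcred.is_guest = False
            mpcred.is_ssl = method == LDAPAuthProtocol.MULTIPLEXOR_SSL_NTLM
            mpcred.parse_settings(self.creds.settings)
            mpcred.encrypt = self.creds.encrypt

            handler = MSLDAPNTLMMultiplexor(mpcred)

            # setting up SPNEGO
            spneg = SPNEGO()
            spneg.add_auth_context(ntlm_mech, handler)
            return spneg

        elif method in [
            LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS,
            LDAPAuthProtocol.MULTIPLEXOR_KERBEROS,
        ]:
            from msldap.authentication.kerberos.multiplexor import MSLDAPKerberosMultiplexor

            mpcred = MSLDAPMultiplexorCredential()
            mpcred.type = 'KERBEROS'
            mpcred.target = self.target
            if self.creds.username is not None:
                mpcred.username = '******'
            if self.creds.domain is not None:
                mpcred.domain = '<CURRENT>'
            if self.creds.password is not None:
                mpcred.password = '******'
            mpcred.is_guest = False
            # Test the Kerberos SSL method here. Comparing with
            # MULTIPLEXOR_SSL_NTLM can never match in this branch, so is_ssl
            # was always False even when the SSL variant was requested.
            mpcred.is_ssl = method == LDAPAuthProtocol.MULTIPLEXOR_SSL_KERBEROS
            mpcred.parse_settings(self.creds.settings)
            mpcred.encrypt = self.creds.encrypt

            handler = MSLDAPKerberosMultiplexor(mpcred)

            # setting up SPNEGO
            spneg = SPNEGO()
            spneg.add_auth_context(krb_mech, handler)
            return spneg

    elif method.value.startswith('SSPIPROXY'):
        if method == LDAPAuthProtocol.SSPIPROXY_NTLM:
            from msldap.authentication.ntlm.sspiproxy import MSLDAPSSPIProxyNTLMAuth

            pxcred = MSLDAPSSPIProxyCredential()
            pxcred.type = 'NTLM'
            if self.creds.username is not None:
                pxcred.username = '******'
            if self.creds.domain is not None:
                pxcred.domain = '<CURRENT>'
            if self.creds.password is not None:
                pxcred.password = '******'
            pxcred.is_guest = False
            pxcred.encrypt = self.creds.encrypt
            # Settings values are indexed with [0], i.e. each key holds a
            # sequence. 'host' and 'port' are required (KeyError if absent).
            pxcred.host = self.creds.settings['host'][0]
            pxcred.port = int(self.creds.settings['port'][0])
            # Defaults to 'ws' unless a 'proto' setting overrides it.
            pxcred.proto = 'ws'
            if 'proto' in self.creds.settings:
                pxcred.proto = self.creds.settings['proto'][0]
            if 'agentid' in self.creds.settings:
                pxcred.agent_id = bytes.fromhex(self.creds.settings['agentid'][0])

            handler = MSLDAPSSPIProxyNTLMAuth(pxcred)

            # setting up SPNEGO
            spneg = SPNEGO()
            spneg.add_auth_context(ntlm_mech, handler)
            return spneg

        elif method == LDAPAuthProtocol.SSPIPROXY_KERBEROS:
            from msldap.authentication.kerberos.sspiproxyws import MSLDAPSSPIProxyKerberosAuth

            pxcred = MSLDAPSSPIProxyCredential()
            pxcred.type = 'KERBEROS'
            pxcred.target = self.target
            if self.creds.username is not None:
                pxcred.username = '******'
            if self.creds.domain is not None:
                pxcred.domain = '<CURRENT>'
            if self.creds.password is not None:
                pxcred.password = '******'
            pxcred.is_guest = False
            pxcred.encrypt = self.creds.encrypt
            pxcred.host = self.creds.settings['host'][0]
            # NOTE(review): the NTLM proxy branch converts the port with
            # int(); here it is left as given. Confirm which form the
            # handler expects.
            pxcred.port = self.creds.settings['port'][0]
            pxcred.proto = 'ws'
            if 'proto' in self.creds.settings:
                pxcred.proto = self.creds.settings['proto'][0]
            if 'agentid' in self.creds.settings:
                pxcred.agent_id = bytes.fromhex(self.creds.settings['agentid'][0])

            handler = MSLDAPSSPIProxyKerberosAuth(pxcred)

            # setting up SPNEGO
            spneg = SPNEGO()
            spneg.add_auth_context(krb_mech, handler)
            return spneg

    elif method.value.startswith('WSNET'):
        if method in [LDAPAuthProtocol.WSNET_NTLM]:
            from msldap.authentication.ntlm.wsnet import MSLDAPWSNetNTLMAuth

            wscred = MSLDAPWSNETCredential()
            wscred.type = 'NTLM'
            if self.creds.username is not None:
                wscred.username = '******'
            if self.creds.domain is not None:
                wscred.domain = '<CURRENT>'
            if self.creds.password is not None:
                wscred.password = '******'
            wscred.is_guest = False
            # Unlike the other branches, no `encrypt` value is copied here.

            handler = MSLDAPWSNetNTLMAuth(wscred)

            spneg = SPNEGO()
            spneg.add_auth_context(ntlm_mech, handler)
            return spneg

        elif method in [LDAPAuthProtocol.WSNET_KERBEROS]:
            from msldap.authentication.kerberos.wsnet import MSLDAPWSNetKerberosAuth

            wscred = MSLDAPWSNETCredential()
            wscred.type = 'KERBEROS'
            wscred.target = self.target
            if self.creds.username is not None:
                wscred.username = '******'
            if self.creds.domain is not None:
                wscred.domain = '<CURRENT>'
            if self.creds.password is not None:
                wscred.password = '******'
            wscred.is_guest = False

            handler = MSLDAPWSNetKerberosAuth(wscred)

            # setting up SPNEGO
            spneg = SPNEGO()
            spneg.add_auth_context(krb_mech, handler)
            return spneg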