atoti.KerberosConfig

final class atoti.KerberosConfig

The config to delegate authentication to Kerberos.

The user’s roles can be defined using atoti.security.Security.kerberos and individual_roles.

keytab: Path | None = None

The path to the keytab file to use.

krb5_config: Path | None = None

The path to the Kerberos config file.

Defaults to the OS-specific default location.

service_principal: str

The principal that the session will use.

username_case_conversion: 'upper' | 'lower' | None = None

The case conversion to apply to the username.

This authentication provider is generally case insensitive: the same user Jane could log in with the usernames "jane", "Jane", "JANE", etc. This attribute allows reducing all the possible cases to a single one to be compatible with individual_roles and other case sensitive mappings.

For instance, if session.security.individual_roles == {"jane": {"ROLE_USER"}}, username_case_conversion should be set to "lower".

Leaving this attribute to None is deprecated since it is a source of confusion or bugs.