Metadata-Version: 2.4
Name: lexmount-extra
Version: 0.1.0
Summary: Extra utilities for Lexmount Python SDK projects.
Author: lexmount
License: MIT
Project-URL: Homepage, https://dev.lexmount.net/
Project-URL: Documentation, https://dev.lexmount.net/docs
Keywords: lexmount,sdk,ntlm,kerberos,spnego
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Operating System :: OS Independent
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: lexmount>=0.5.2
Requires-Dist: ntlm-auth>=1.5.0
Requires-Dist: pyspnego[kerberos]>=0.11.2
Provides-Extra: dev
Requires-Dist: pytest>=7.0.0; extra == "dev"
Requires-Dist: build>=1.0.0; extra == "dev"
Dynamic: license-file

# lexmount-extra

Extra utilities for Lexmount Python SDK projects.

## Install

```sh
pip install lexmount-extra
```

The package uses `ntlm-auth` for explicit NTLM credentials and
`pyspnego[kerberos]` for SPNEGO/Kerberos and Windows integrated NTLM.

## Usage

```py
from lexmount_extra import (
    createKerberosAuthCallback,
    createNTLMAuthCallback,
    generateKerberosToken,
    generateNTLMChallengeToken,
    generateNTLMResponseToken,
)

type1_token = generateNTLMChallengeToken("web.lab.local", "LAB")

type3_token = generateNTLMResponseToken(
    "http://web.lab.local/",
    "web.lab.local",
    "LAB",
    "NTLM <server-type2-token>",
    "alice",
    "P@ssw0rd123!",
)

kerberos_token = generateKerberosToken(
    "HTTP@web.lab.test",
    "server-token",
)
```

Pythonic snake_case aliases are available for every Node-compatible camelCase
function.

## Lexmount authentication callbacks

```py
from lexmount import register_integrated_auth_callback
from lexmount_extra import createKerberosAuthCallback, createNTLMAuthCallback

ntlm_auth = createNTLMAuthCallback({
    "hostname": "web.lab.local",
    "domain": "LAB",
})

kerberos_auth = createKerberosAuthCallback({
    "hostname": "web.lab.test",
})

register_integrated_auth_callback(session, ntlm_auth)
register_integrated_auth_callback(session, kerberos_auth)
```

Both callback factories can be called without options. NTLM defaults to
`USERDNSDOMAIN` and `USERDOMAIN` when those environment variables exist.
Kerberos derives the `HTTP@host` service principal from the authentication
challenge origin when neither `spn` nor `hostname` is provided.

## NTLM integrated authentication

When `generateNTLMResponseToken` is called without `username` and `password`,
Windows uses the current logon session through SSPI via `pyspnego`. Non-Windows
platforms return an empty token in the no-credential path, matching the Node
package.
