Add documentation for the Kerberos authentication (#453)

* Add documentation for the Kerberos authentication Added the documentation for the external package we provide for Kerberos authentication. * spn -> principal * correct the package name
hazelcast · Aug 20, 2021 · ced2f24 · ced2f24
1 parent f05112e
commit ced2f24
Showing 1 changed file with 37 additions and 3 deletions.
diff --git a/docs/securing_client_connection.rst b/docs/securing_client_connection.rst
@@ -3,9 +3,9 @@ Securing Client Connection
 
 This chapter describes the security features of Hazelcast Python client.
 These include using TLS/SSL for connections between members and between
-clients and members, mutual authentication, username/password authentication
-and token authentication. These security features require
-**Hazelcast IMDG Enterprise** edition.
+clients and members, mutual authentication, username/password authentication,
+token authentication and Kerberos authentication. These security features
+require **Hazelcast IMDG Enterprise** edition.
 
 TLS/SSL
 -------
@@ -321,3 +321,37 @@ Using :class:`hazelcast.security.BasicTokenProvider` you can pass the given toke
     client = hazelcast.HazelcastClient(
         token_provider=token_provider
     )
+
+Kerberos Authentication
+-----------------------
+
+Python client supports Kerberos authentication with an external package.
+The package provides the necessary token provider that handles the
+authentication against the KDC (key distribution center) with the given
+credentials, receives and caches the ticket, and finally retrieves the token.
+
+You can install the package from PyPI.
+
+.. code:: bash
+
+    pip install hazelcast-kerberos
+
+A sample code that makes use of the package is below.
+
+.. code:: python
+
+    import hazelcast
+    import hzkerberos
+
+    token_provider = hzkerberos.TokenProvider(
+        principal="hz/172.17.0.2@EXAMPLE.COM",
+        keytab="/etc/krb5.keytab",
+    )
+
+    client = hazelcast.HazelcastClient(
+        token_provider=token_provider
+    )
+
+For more information and possible client and server configurations, refer to
+the `documentation <https://pypi.org/project/hazelcast-kerberos/>`__ of the
+``hazelcast-kerberos`` package.