tags:

views:

153

answers:

3
+3  Q: 

Ntlm/Kerberos authentication in Django

Hi

I'm looking for a guide about adding windows authentication support into a django app, particulary OSQA

I'm aware about http://code.google.com/p/python-ntlm/ And also saw this post: http://erny-rev.blogspot.com/2007/11/ntlm-authentication-in-django.html But I'm not a Django-dev, I just want to deploy OSQA in Windows enviroment (intranet, so I need to add windows authentication). So I'm looking for simple step-by-step description.

(I've managed to deploy a OSQA site on windows with SQL Server and it's working)

UPDATE:
I'd like to get not just auth against AD but SSO-like behavior in IE. As a user access my django-based site in IE it'd automaticaly authenticated with its domain account.

A: 

Generally, if you just want authentication against Active Directory, the approach most likely to succeed is to use LDAP authentication against the Active Directory LDAP service. The only trick is that unlike most LDAP servers, Active Directory needs to have an authenticated user (and password). Most folks end up establishing a 'ldap-query' user with and hardcode that user for the query configuration.

For examples, see http://djangosnippets.org/snippets/501/ and http://www.google.com/search?q=Django+LDAP+authentication

Craig Trader  2010-08-04 04:14:40
I'd like to get not just auth against AD but SSO-like behavior in IE. As a user access my django-based site in IE it'd automaticaly authenticated with its domain account.
Shrike  2010-08-04 10:54:51
A: 

@Shrike, did you ever figure this out?

joe  2010-09-01 17:12:06
Actualy, no :(but I also asked here - http://meta.osqa.net/questions/4326/how-to-add-windows-authentication and now have noticed an answer with link to http://jira.osqa.net/browse/OSQA-425
Shrike  2010-09-01 19:13:33
I had seen that patch as well. Odd though as it won't solve what you and I would like and that is auto-authenticate. This patch seems to just add a new way to authenticate.
joe  2010-09-01 19:21:30
A: 

You can do this using Apache, mod_auth_kerb and REMOTE_USER authentication with Django hosted as mod_wsgi.

Here is an example of some config we use:

WSGIDaemonProcess myapp user=myapp group=myapp processes=5 threads=1
WSGIProcessGroup myapp
WSGIScriptAlias /myapp /home/wolapp/code/wolapp.wsgi
<VirtualHost ...>
    <Location /myapp>
            AuthType                Kerberos
            AuthName                "Domain Login"
            KrbMethodNegotiate      On
            KrbMethodK5Passwd       On
            KrbAuthRealms           YOUR.DOMAIN
            Krb5Keytab              /etc/krb5.keytab
            KrbServiceName          HTTP/server.your.domain
            require                 valid-user
    </Location>
</VirtualHost>

You then need to setup this:

http://docs.djangoproject.com/en/dev/howto/auth-remote-user/

A couple of caveats to note:

  1. Opera fails completely in our testing; it can't handle the "Negotiate" header
  2. IE works fine if the machine is in the domain, but if it isn't, you get prompted for your password twice - the first time the machine uses "ITSNAME\username" which fails; the second time the bare "username"

Hope this helps.

Realist  2010-09-24 13:10:18

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django