Django中的Ntlm / Kerberos身份验证 [英] Ntlm/Kerberos authentication in Django

问题描述

我正在寻找一个关于将Windows身份验证支持添加到django应用程序的指南，特别是 OSQA

我知道 http://code.google .com / p / python-ntlm /
还看到这篇文章： http://erny-rev.blogspot.com/2007/11/ntlm-authentication-in-django.html
但我不是Django -dev，我只想在Windows环境中部署OSQA（内部网，所以我需要添加Windows身份验证）。所以我正在寻找简单的分步描述。

（我已经设法在Windows上部署OSQA站点，并且正在运行） p>

更新：

我希望不仅仅是对AD进行身份验证，而且可以在IE中获得类似SSO的行为。作为一个用户，在IE中访问我的基于django的站点，它将自动通过其域帐户进行身份验证。

解决方案

你可以这样做使用Apache，mod_auth_kerb和REMOTE_USER身份验证与Django托管为mod_wsgi。

以下是我们使用的一些配置示例：

  WSGIDaemonProcess myapp user = myapp group = myapp processes = 5 threads = 1 
 WSGIProcessGroup myapp 
 WSGIScriptAlias / myapp /home/wolapp/code/wolapp.wsgi 
< VirtualHost ...> 
<位置/ myapp> 
 AuthType Kerberos 
 AuthName域登录
 KrbMethodNegotiate在
 KrbMethodK5Passwd On 
 KrbAuthRealms YOUR.DOMAIN 
 Krb5Keytab /etc/krb5.keytab 
 KrbServiceName HTTP / server.your.domain 
要求有效用户
< / Location> 
< / VirtualHost> 
  

然后您需要设置：

http://docs.djangoproject.com/en/dev/howto / auth-remote-user /

需要注意的几个注意事项：

1. Opera在测试中完全失败;它无法处理Negotiate标题


2. 如果机器在域中，IE工作正常，但如果不是，则会提示您输入密码两次 - 第一次该机器使用ITSNAME\username失败;第二次裸露的用户名

希望这有帮助。

I'm looking for a guide about adding windows authentication support into a django app, particulary OSQA

I'm aware about http://code.google.com/p/python-ntlm/ And also saw this post: http://erny-rev.blogspot.com/2007/11/ntlm-authentication-in-django.html But I'm not a Django-dev, I just want to deploy OSQA in Windows enviroment (intranet, so I need to add windows authentication). So I'm looking for simple step-by-step description.

(I've managed to deploy a OSQA site on windows with SQL Server and it's working)

UPDATE:
I'd like to get not just auth against AD but SSO-like behavior in IE. As a user access my django-based site in IE it'd automaticaly authenticated with its domain account.

解决方案

You can do this using Apache, mod_auth_kerb and REMOTE_USER authentication with Django hosted as mod_wsgi.

Here is an example of some config we use:

WSGIDaemonProcess myapp user=myapp group=myapp processes=5 threads=1
WSGIProcessGroup myapp
WSGIScriptAlias /myapp /home/wolapp/code/wolapp.wsgi
<VirtualHost ...>
    <Location /myapp>
            AuthType                Kerberos
            AuthName                "Domain Login"
            KrbMethodNegotiate      On
            KrbMethodK5Passwd       On
            KrbAuthRealms           YOUR.DOMAIN
            Krb5Keytab              /etc/krb5.keytab
            KrbServiceName          HTTP/server.your.domain
            require                 valid-user
    </Location>
</VirtualHost>

You then need to setup this:

http://docs.djangoproject.com/en/dev/howto/auth-remote-user/

A couple of caveats to note:

1. Opera fails completely in our testing; it can't handle the "Negotiate" header
2. IE works fine if the machine is in the domain, but if it isn't, you get prompted for your password twice - the first time the machine uses "ITSNAME\username" which fails; the second time the bare "username"

Hope this helps.

这篇关于Django中的Ntlm / Kerberos身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！