Django中的Ntlm / Kerberos身份验证 [英] Ntlm/Kerberos authentication in Django
问题描述
我正在寻找一个关于将Windows身份验证支持添加到django应用程序的指南,特别是 OSQA
我知道 http://code.google .com / p / python-ntlm /
还看到这篇文章: http://erny-rev.blogspot.com/2007/11/ntlm-authentication-in-django.html
但我不是Django -dev,我只想在Windows环境中部署OSQA(内部网,所以我需要添加Windows身份验证)。所以我正在寻找简单的分步描述。
(我已经设法在Windows上部署OSQA站点,并且正在运行) p>
更新:
我希望不仅仅是对AD进行身份验证,而且可以在IE中获得类似SSO的行为。作为一个用户,在IE中访问我的基于django的站点,它将自动通过其域帐户进行身份验证。
你可以这样做使用Apache,mod_auth_kerb和REMOTE_USER身份验证与Django托管为mod_wsgi。
以下是我们使用的一些配置示例:
WSGIDaemonProcess myapp user = myapp group = myapp processes = 5 threads = 1
WSGIProcessGroup myapp
WSGIScriptAlias / myapp /home/wolapp/code/wolapp.wsgi
< VirtualHost ...>
<位置/ myapp>
AuthType Kerberos
AuthName域登录
KrbMethodNegotiate在
KrbMethodK5Passwd On
KrbAuthRealms YOUR.DOMAIN
Krb5Keytab /etc/krb5.keytab
KrbServiceName HTTP / server.your.domain
要求有效用户
< / Location>
< / VirtualHost>
然后您需要设置:
http://docs.djangoproject.com/en/dev/howto / auth-remote-user /
需要注意的几个注意事项:
- Opera在测试中完全失败;它无法处理Negotiate标题
- 如果机器在域中,IE工作正常,但如果不是,则会提示您输入密码两次 - 第一次该机器使用ITSNAME\username失败;第二次裸露的用户名
希望这有帮助。
I'm looking for a guide about adding windows authentication support into a django app, particulary OSQA
I'm aware about http://code.google.com/p/python-ntlm/ And also saw this post: http://erny-rev.blogspot.com/2007/11/ntlm-authentication-in-django.html But I'm not a Django-dev, I just want to deploy OSQA in Windows enviroment (intranet, so I need to add windows authentication). So I'm looking for simple step-by-step description.
(I've managed to deploy a OSQA site on windows with SQL Server and it's working)
UPDATE:
I'd like to get not just auth against AD but SSO-like behavior in IE. As a user access my django-based site in IE it'd automaticaly authenticated with its domain account.
You can do this using Apache, mod_auth_kerb and REMOTE_USER authentication with Django hosted as mod_wsgi.
Here is an example of some config we use:
WSGIDaemonProcess myapp user=myapp group=myapp processes=5 threads=1
WSGIProcessGroup myapp
WSGIScriptAlias /myapp /home/wolapp/code/wolapp.wsgi
<VirtualHost ...>
<Location /myapp>
AuthType Kerberos
AuthName "Domain Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms YOUR.DOMAIN
Krb5Keytab /etc/krb5.keytab
KrbServiceName HTTP/server.your.domain
require valid-user
</Location>
</VirtualHost>
You then need to setup this:
http://docs.djangoproject.com/en/dev/howto/auth-remote-user/
A couple of caveats to note:
- Opera fails completely in our testing; it can't handle the "Negotiate" header
- IE works fine if the machine is in the domain, but if it isn't, you get prompted for your password twice - the first time the machine uses "ITSNAME\username" which fails; the second time the bare "username"
Hope this helps.
这篇关于Django中的Ntlm / Kerberos身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!