Rails 中的 Kerberos 身份验证 [英] Kerberos Authentication in Rails

问题描述

是否可以使用 kerberos 在 rails 下对用户进行身份验证?是否有任何现有插件(最好是扩展 authlogic 的功能)来执行此操作?

Is it possible to use kerberos to authenticate a user under rails? Are there any existing plugins (preferably which extend authlogic's functionality) to do this?

推荐答案

我希望其他人会过来向我们展示一个纯粹的 Rails 方法来做到这一点.但在那之前，让事情顺利进行的最简单方法是让您的网络服务器处理它.

I'm hoping someone else will come around and show us a pure Rails way of doing this. But until then, the easiest way to get things going is by letting your web server handle it.

就此而言，我将假设 Apache.如果不是这种情况，请告诉我们更多有关您的设置的信息.

On that note, I'm going to assume Apache. If this is not the case, please tell us a bit more about your set-up.

浏览器中正确的 Kerberos 身份验证是在 HTTP 协议本身中完成的，很像 基本或摘要式身份验证.在 Apache 中，这可以通过 mod_kerb_auth 来完成.

Proper Kerberos authentication in browsers is done in the HTTP protocol itself, much like Basic or Digest authentication. In Apache, this can be done with mod_kerb_auth.

然后下一步是找出如何检索用户名.这在一定程度上取决于您在 Web 服务器和 Rails 应用程序之间使用的接口.这可能是Passenger、FastCGI、mod_proxy 等.

Then the next step is to find out how to retrieve the username. It depends a bit on the interface you're using between the web-server and your Rails app. This could be Passenger, FastCGI, mod_proxy, etc.

许多人会在某种程度上遵循原始的CGI 标准，传递一堆请求的环境变量.在您的控制器中尝试以下操作:

Many will follow the original CGI standard to some degree, passing along a bunch of environment variables with the request. Try the following in your controller:

username = request.env['REMOTE_USER']

这是我可以带你的范围.我从未使用过 authlogic.不过，从它的外观来看，它支持插件.如果设置了 REMOTE_USER，也许您可​​以创建一个新的盲目信任它?

That's as far as I can take you. I've never used authlogic. Though, by the looks of it, it supports plugins. Perhaps you can create a new one that blindly trusts REMOTE_USER if it is set?

这篇关于Rails 中的 Kerberos 身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！