Single sign on to Django site via remote Active Directory

Question

I developed an Intranet for a client using Django. The users sign on to their computers via Active Directory. Currently, I log them in via standard Django contrib.auth, and use

Answer 1

The magic word herefore is kerberos authentication.

Your user does not authenticate against your django application but against your webserver. Your intranet probably has a kerberos service running, that authenticates your user for you and just gives you a user name in REMOTE_USER if he is authenticated.

You can then search your LDAP for specific Access Rights or have an own database with special access rights.

Here is a short article from CentOS. It is very important what your environment looks like, so all I cann do is show you the direction ;-)

http://wiki.centos.org/HowTos/HttpKerberosAuth