Django to do its own NTLM Authentication (HTTP Headers & all)

青春壹個敷衍的年華 提交于 2019-12-10 12:19:51

问题


I'm considering moving from Apache to Lighttpd for an internal web application, written with python. The problem is that I'm relying on libapache2-mod-auth-ntlm-winbind ... which doesn't actually seem to be a well support & updated package (though that could be because it really does work well).

I'm looking for suggestions and hints about what it would take to use django itself to handle the HTTP authentication. This would allow me to be web-server-agnostic, and could potentially be a grand learning experience.

Some topical concerns:

  1. Is it reasonable to have the custom application perform true HTTP authentication?
  2. How involved is getting my python code connected to windows domain controller to this kind of authentication without prompting the user for a password?
  3. Does NTLM provide any access to user details & group memberships so that I can stop searching through yet another connection to the windows domain controller via LDAP?

I would love to be able to write a module to simplify this technique which could be shared with the community.


回答1:


Partial answer:

You can (and should) pass the NTLM auth off to an external helper. Basically, install Samba on the machine, configure it, join the domain, enable winbind, then use the "ntlm_auth" helper binary, probably in "pipe" mode.

Authenticating an NTLM session requires a secure pipe to the domain controller, which needs credentials (e.g. a Samba/domain-member machine account). This is the quickest route to get there.

Squid (the webcache) has code for doing NTLM auth using the external helper; FreeRadius does something similar.

The NTLM auth itself does not provide any group info; if you're running winbind you could of course use calls to "wbinfo" to get user groups.



来源:https://stackoverflow.com/questions/3120956/django-to-do-its-own-ntlm-authentication-http-headers-all

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!