kerberos (krb5) support?
Is krb5 kerberos login supported? Any pointers to instructions for setting it up?
2 Answers
- Sort by
oldest newest most voted
0
This is not supported yet.
There are several python modules that I could find:
http://pypi.python.org/pypi?%3Aaction=search&term=kerberos&submit=search
pykpass seems to have very simple usage: http://www.huque.com/software/pykpass/. Maybe you could test this one and others against your server on in the python shell and tell which one works?
We could add that method to supported password authentication methods.
Comments
Understood. i'll explore then and post back an answer once i've got something up and running. Thanks!
0
Seems it works with Django 1.3 out of the box, in fact! :) With the right apache config + instructions from django docs. eg,
https://docs.djangoproject.com/en/dev/howto/auth-remote-user/
and in your httpd/conf.d/askbot.conf
...
AuthType Kerberos
AuthName "YOURDOMAIN.COM Kerberos Login"
KrbMethodNegotiate On
KrbMethodK5Passwd On
KrbAuthRealms YOURDOMAIN.COM
KrbVerifyKDC off
Krb5Keytab /etc/krb5.keytab
KrbServiceName HTTP/YOURDOMAIN.COM
require valid-user
Comments
This requires apache, which is not optimal. We are now switching to nginx, because it is much faster. However, we should add this to the docs - is this all that is needed? Which module for apache is necessary?
mod auth kerb
you can use backticks to escape markdown processing. the underscores make a word in the middle italic.
There are probably a few quirks that will need to be ironed out, since when this is enabled globally, you log in automatically... so for example, 'log out' doesn't work as expected... you just stay logged in :) but yes, otherwise, it seems to work like a charm.
Comments