Ask Your Question
1

kerberos (krb5) support?

asked 2011-12-05 04:56:03 -0500

drpoovilleorg gravatar image

updated 2011-12-05 07:02:00 -0500

Evgeny gravatar image

Is krb5 kerberos login supported? Any pointers to instructions for setting it up?

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2011-12-05 10:38:48 -0500

drpoovilleorg gravatar image

Seems it works with Django 1.3 out of the box, in fact! :) With the right apache config + instructions from django docs. eg,

https://docs.djangoproject.com/en/dev/howto/auth-remote-user/

and in your httpd/conf.d/askbot.conf

...

AuthType Kerberos

AuthName "YOURDOMAIN.COM Kerberos Login"

KrbMethodNegotiate On

KrbMethodK5Passwd On

KrbAuthRealms YOURDOMAIN.COM

KrbVerifyKDC off

Krb5Keytab /etc/krb5.keytab

KrbServiceName HTTP/YOURDOMAIN.COM

require valid-user

edit flag offensive delete link more

Comments

This requires apache, which is not optimal. We are now switching to nginx, because it is much faster. However, we should add this to the docs - is this all that is needed? Which module for apache is necessary?

Evgeny gravatar imageEvgeny ( 2011-12-05 10:55:49 -0500 )edit

mod auth kerb

drpoovilleorg gravatar imagedrpoovilleorg ( 2011-12-06 08:07:49 -0500 )edit

you can use backticks to escape markdown processing. the underscores make a word in the middle italic.

Evgeny gravatar imageEvgeny ( 2011-12-06 08:12:10 -0500 )edit

There are probably a few quirks that will need to be ironed out, since when this is enabled globally, you log in automatically... so for example, 'log out' doesn't work as expected... you just stay logged in :) but yes, otherwise, it seems to work like a charm.

drpoovilleorg gravatar imagedrpoovilleorg ( 2011-12-06 08:24:14 -0500 )edit
add a comment
0

answered 2011-12-05 07:07:27 -0500

Evgeny gravatar image

updated 2011-12-05 07:10:40 -0500

This is not supported yet.

There are several python modules that I could find:

http://pypi.python.org/pypi?%3Aaction=search&term=kerberos&submit=search

pykpass seems to have very simple usage: http://www.huque.com/software/pykpass/. Maybe you could test this one and others against your server on in the python shell and tell which one works?

We could add that method to supported password authentication methods.

edit flag offensive delete link more

Comments

Understood. i'll explore then and post back an answer once i've got something up and running. Thanks!

drpoovilleorg gravatar imagedrpoovilleorg ( 2011-12-05 07:26:26 -0500 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2011-12-05 04:56:03 -0500

Seen: 456 times

Last updated: Dec 05 '11

Related questions

Should a minor edit bring a Q&A back to the top of the sort order?

Per question rss feed?

Installing askbot - 1054, "Unknown column 'auth_user.tag_filter_setting' in 'field list'

Prevent non-logged users from seeing questions

Backticks in markup

Python 2.7.3 modules

Votes number discrepancy & displaying comments upvotes

Are there Debian/Ubuntu packages for Askbot?

Why do I need a socket for uwsgi?

what is the status of skinning?

Copyright Askbot, 2010-2011. Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.58