Get Django to play with old friends - Lynn RootΒΆ

Tags: django, djangocon

She works for Red Hat on http://freeipa.org, on identity stuff for Linux.

Note: see her website for instructions and code examples.

Say that your pointy haired boss (or customer) asks you to make an internal web app with all the buzzwords.

So you can’t use regular django auth, you’ll need single sign on. Luckily since Django 1.5 you can have custom user models, so it’ll fit with all your external requirements. One or two pieces of MIDDLEWARE_CLASSES and AUTHENTICATION_BACKENDS later and you play nice with the external single sign on. Django can be a team player.

Webserver? You’ll probably have to use apache. So the environment can be kerberos+apache. Add mod_auth_kerb for kerberos support. Add a “keytab” (making sure it is chown’ed to apache).

There’s a difference between authentication and authorization. Authentication is “just” logging in, authorization is what you’re allowed to do. You’ll have to connect to LDAP for that to ask which group(s) the user is a member of.

Setting up your own kerberos environment (for testing) is a pain. Unless you use a ready made vagrant box for it. Instructions are on her website.

blog comments powered by Disqus
 
vanrees.org logo

About me

My name is Reinout van Rees and I work a lot with Python (programming language) and Django (website framework). I live in The Netherlands and I'm happily married to Annie van Rees-Kooiman.

Weblog feeds

Most of my website content is in my weblog. You can keep up to date by subscribing to the automatic feeds (for instance with Google reader):