Get Django to play with old friends - Lynn Root

Tags: django, djangocon

She works for Red Hat on http://freeipa.org, on identity stuff for Linux.

Note: see her website for instructions and code examples.

Say that your pointy-haired boss (or customer) asks you to make an internal web app with all the buzzwords.

So you can’t use regular Django auth; you’ll need single sign-on. Luckily, since Django 1.5 you can have custom user models, so it’ll fit with all your external requirements. One or two entries in MIDDLEWARE_CLASSES and AUTHENTICATION_BACKENDS later and you play nice with the external single sign-on. Django can be a team player.

Webserver? You’ll probably have to use Apache. So the environment can be Kerberos + Apache. Add mod_auth_kerb for Kerberos support. Add a “keytab” (making sure it is chown’ed to apache).

There’s a difference between authentication and authorization. Authentication is “just” logging in; authorization is what you’re allowed to do. For authorization you’ll have to connect to LDAP to ask which group(s) the user is a member of.
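The split between the two steps, as an added example that is not code from the talk or from her website: the Kerberos principal that mod_auth_kerb hands over in REMOTE_USER answers "who is this", and the LDAP group list answers "what may they do". It assumes the `memberOf` values have already been fetched from LDAP; the realm, group base DN, group names and permission names are all made up for illustration.

```python
import re

# Assumed values for this example; none of them come from the talk.
TRUSTED_REALM = "EXAMPLE.COM"
GROUP_BASE = "cn=groups,cn=accounts,dc=example,dc=com"
GROUP_PERMISSIONS = {
    "webapp-admins": {"view", "edit", "admin"},
    "webapp-users": {"view"},
}
# Constructed sample of memberOf values as an LDAP lookup might return them.
SAMPLE_MEMBER_OF = [
    "cn=webapp-users,cn=groups,cn=accounts,dc=example,dc=com",
    "cn=ipausers,cn=groups,cn=accounts,dc=example,dc=com",
    "cn=webapp-admins,ou=other,dc=example,dc=com",  # wrong subtree: ignored
]
_UNESCAPED_COMMA = re.compile(r"(?<!\\),")  # enough for simple DNs like these


def username_from_principal(remote_user):
    """Authentication result: accept only 'user@TRUSTED_REALM', return 'user'."""
    name, sep, realm = (remote_user or "").rpartition("@")
    if not sep or not name or realm != TRUSTED_REALM:
        raise ValueError("untrusted or malformed principal: %r" % remote_user)
    if "/" in name:  # service or host principal, not a person
        raise ValueError("not a user principal: %r" % remote_user)
    return name


def group_names(member_of):
    """Return the CNs of groups that sit directly under GROUP_BASE."""
    names = set()
    for dn in member_of:
        parts = _UNESCAPED_COMMA.split(dn, maxsplit=1)
        if len(parts) == 2 and parts[1].lower() == GROUP_BASE.lower():
            attr, _, value = parts[0].partition("=")
            if attr.lower() == "cn" and value:
                names.add(value.lower())
    return names


def permissions_for(remote_user, member_of):
    """Authorization: union of permissions granted by the user's known groups."""
    user = username_from_principal(remote_user)
    perms = set()
    for group in group_names(member_of):
        # Groups the app does not know about grant nothing (default deny).
        perms |= GROUP_PERMISSIONS.get(group, set())
    return user, perms
```

A user who authenticates fine but is in no known group ends up with an empty permission set, which is the case the authentication/authorization distinction is about.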

Setting up your own Kerberos environment (for testing) is a pain. Unless you use a ready-made Vagrant box for it. Instructions are on her website.

 
Reinout van Rees

My name is Reinout van Rees and I program in Python, I live in the Netherlands, I cycle recumbent bikes and I have a model railway.
