I have got an Django application that uses the RemoteUserBackend in combination with Apache and mod_auth_kerb to authenticate against Kerberos. However, this has some drawbacks: There is no proper logout without closing the browser tab. You may click "Logout" in your Django application, but I would expect to be asked for my credentials when I try to log in again - the latter is not the case. (Side note: It is quite possible for my application that two users want to log in one after another, which increases the lack of comfort and may be problematic when one users performs actions with the other user's rights.) The application is currently tailored to the Apache/RemoteUser solution, so it does provide no flexibility to switch over to other authentication methods , e.g. authentication against the Django database. The possibility to use alternative authentication methods would also ease the development of the application. That said, I would like to use a form-based authentication (username/password). This would move the control for the authentication to Django, so login/logout should work properly then. Also, this form could be used as well with different authentication backends, without a need to modify the GUI. How can this be done? Is there already a solution to this or a project that adresses my issue? Most implementations I saw like the ones in the answers here just use Apache or an LDAP authentication, but not Kerberos. Related, but unanswered question: Django user logout with remote authentication

Reputation: 3877

Form-based Kerberos authentication in Django

I have got an Django application that uses the RemoteUserBackend in combination with Apache and mod_auth_kerb to authenticate against Kerberos.

However, this has some drawbacks:

There is no proper logout without closing the browser tab. You may click "Logout" in your Django application, but I would expect to be asked for my credentials when I try to log in again - the latter is not the case. (Side note: It is quite possible for my application that two users want to log in one after another, which increases the lack of comfort and may be problematic when one users performs actions with the other user's rights.)
The application is currently tailored to the Apache/RemoteUser solution, so it does provide no flexibility to switch over to other authentication methods, e.g. authentication against the Django database. The possibility to use alternative authentication methods would also ease the development of the application.

That said, I would like to use a form-based authentication (username/password). This would move the control for the authentication to Django, so login/logout should work properly then. Also, this form could be used as well with different authentication backends, without a need to modify the GUI.

How can this be done? Is there already a solution to this or a project that adresses my issue? Most implementations I saw like the ones in the answers here just use Apache or an LDAP authentication, but not Kerberos.

Related, but unanswered question: Django user logout with remote authentication

Upvotes: 1

Answers (2)

Lynn Root

Reputation: 51

Sorry this is delayed. I am the author of the above recommended Kerberos + Django post (roguelynn.com).

For your first issue, take a look at kobo: https://fedorahosted.org/kobo/ - it uses Kerberos + RemoteUserBackend + Apache with Django, but implements a logout mechanism (in kobo/django/xmlrpc/auth.py: https://git.fedorahosted.org/cgit/kobo.git/tree/kobo/django/xmlrpc/auth.py).

Upvotes: 3

synthesizerpatel

Reputation: 28036

http://www.roguelynn.com/words/django-custom-user-models/

That blog post explains quite nicely how to use Kerberos as a Django 1.5 backend authenticator. Hot off the presses as of May 15th. She's got a bunch of nice kerberos examples.

For posterity's sake just in case the blog goes away someday, the author stores her blog posts as static files in her github repo.

https://github.com/econchick/roguelynn/blob/master/_posts/

Upvotes: 0

Form-based Kerberos authentication in Django

Answers (2)

Related Questions