52 lines
1.6 KiB
Plaintext
52 lines
1.6 KiB
Plaintext
Authentic2 Auth Kerberos
|
|
==========================
|
|
|
|
It provides basic implementation of the HTTP Negotiate authentication mechanism
|
|
and autologin support using Javascript and a cookie.
|
|
|
|
The django-kerberos_ project is used as a basis for this plugin.
|
|
|
|
Install
|
|
-------
|
|
|
|
You just have to install the package in your virtualenv and register the plugin :
|
|
|
|
import authentic2_auth_kerberos
|
|
|
|
INSTALLED_APPS, TENANT_APPS, AUTHENTICATION_BACKENDS, AUTH_FRONTENDS = authentic2_auth_kerberos.register(
|
|
INSTALLED_APPS, TENANT_APPS, AUTHENTICATION_BACKENDS, AUTH_FRONTENDS
|
|
)
|
|
|
|
You must define the KRB5_KTNAME environment to the path of a keytab file
|
|
containing the key for your service principal. See django-kerberos_
|
|
documentation for details.
|
|
|
|
Settings
|
|
--------
|
|
|
|
- A2_AUTH_KERBEROS_ENABLED: enable the authentication module, default is True.
|
|
- A2_AUTH_KERBEROS_CREATE_USER: whether to create users for Kerberos
|
|
principals, default is True.
|
|
- A2_AUTH_KERBEROS_REALM: default reaml to attribute to user, default is None.
|
|
If not None, the Kerberos realm is replaced by this one. It's incompatible
|
|
with support for multiple realms.
|
|
- LDAP_AUTH_SETTINGS: same settings than for other usages in Authentic2, the Kerberos backend
|
|
introduce a new key 'principal_filter' which is a str.format() template receiving two keyword
|
|
arguments, username (the local part of the principal) and realm.
|
|
|
|
.. _django-kerberos: https://pypi.python.org/pypi/django-kerberos
|
|
|
|
Changelog
|
|
=========
|
|
|
|
1.1.0
|
|
-----
|
|
|
|
- use a2_just_logged_out to authorize automatic login and hide login tab
|
|
- add LDAP backend
|
|
|
|
1.0.0
|
|
-----
|
|
|
|
- initial release
|