56 lines
1.5 KiB
Plaintext
56 lines
1.5 KiB
Plaintext
Kerberos authentication for Django
|
|
==================================
|
|
|
|
Provide Kerberos authentication to Django applications.
|
|
|
|
Basic usage
|
|
===========
|
|
|
|
Add this to your project `urls.py`::
|
|
|
|
url('^accounts/kerberos/', include('django_auth_kerb.urls')),
|
|
|
|
And use the default authentication backend, by adding that to your `settings.py` file::
|
|
|
|
AUTHENTICATION_BACKENDS = (
|
|
'django_auth_kerberos.backends.KerberosBackend',
|
|
)
|
|
|
|
Settings
|
|
========
|
|
|
|
`KERBEROS_HOSTNAME`
|
|
-------------------
|
|
|
|
Hostname for retrieving the service key, the correspondig principal will be
|
|
`HTTP/{KERBEROS_HOSTNAME}@DEFAULT_REAML`, default is `None`. If `None` the hostname
|
|
from the request will be used.
|
|
|
|
`KERBEROS_KEYTAB`
|
|
-----------------
|
|
|
|
File path of the keytab containing the key for the service principal, default
|
|
is `None`. If `None` the default host keytab will be tried, which should fails
|
|
since it's usually only readable by root.
|
|
|
|
`KERBEROS_BACKEND_CREATE`
|
|
-------------------------
|
|
|
|
Whether to create user if no existing model can be found, default is `False`.
|
|
|
|
`KERBEROS_BACKEND_ADMIN_REGEXP`
|
|
-------------------------------
|
|
|
|
A regular expression that the principal must match to get superuser privileges,
|
|
default is `None`. A classic example could be `r'^.*/admin$'`.
|
|
|
|
Custom backend
|
|
==============
|
|
|
|
A custom authentication backend can be used, in this case the signature of the
|
|
authenticate method must be::
|
|
|
|
class CustomKerberosBackend(object):
|
|
def authenticate(self, principal=None):
|
|
pass
|