I've set-up a Kerberised environment some time ago, but I can't recall what docs I've been reading back then, so no recommendations there. I would recommend reading a little about it on Wikipedia (for start) to get the high-level overview.
The environment I've set-up had relied upon MIT Kerberos implementation (and to top it off I also used PKINIT), although I was able to have the Windows 7 clients authenticate against it. So no idea what happens if using AD. You're probably not the only person on the planet, but it's probably avoided solution due to some issues you can get. A small advice - _always_ first verify that the time on your machines is good. 90% of problems I had were related to clock differences between server, Kerberos servers, and user workstations. Best regards On Mon, 04 Mar 2013 22:19:35 +0100 Anton <anto...@gmx.de> wrote: > @Branko, > > no...I didn't think about Kerberos, I only realised > in the last day that Ad use this system which I don't know either) > > Do you know some tutorial/howto describing this SSO > > with Django/apache on windows? > > Or I am the only one on this planet with this ides? > > Thanks > > Anton > > Branko Majic wrote: > > > On Mon, 25 Feb 2013 21:06:33 +0100 > > Anton <anto...@gmx.de> wrote: > > > >> Hi, > >> > >> I am using my django in the following way: > >> > >> OS: Windows 7 (64 bit) > >> > >> + Python 2.7.3 (32bit) > >> > >> + apache 2.4.3 (32 bit) from apachelounge > >> (I use the version which was build with vs2008 like python > >> 2.7.3) > >> http://www.apachelounge.com/download/win32/binaries/httpd-2.4.3- > win32- > >> VC9.zip > >> > >> + django 1.4.5 > >> > >> + mod_wsgi 3.4 (32 bit) from http://code.google.com/p/modwsgi/ > >> (compiled manually with vs2008 since no binaries available) > >> > >> I would like to use the typical Windows intranet scenario > >> where you have a single-sign-on with the internet explorer. > >> > >> At least in our company the ASP .NET powered intranet sites > >> work fine with this. > >> > >> I googled around, as if I understood right, this auth system > >> is called NTLM and if you want to use it, you need > >> the apache module "mod-auth-sspi". > >> > >> If I look at the project page > >> http://sourceforge.net/projects/mod-auth-sspi/?source=dlp > >> I see only stuff dated from 2011 and only for *apache 2.2*. > >> > >> And if I read this article on apachelounge: > >> > >> http://www.apachelounge.com/viewtopic.php?t=4548 > >> > >> then there will be *never* a support for Apache 2.4. > >> > >> In the Django docs: > >> "Authentication using REMOTE_USER" > >> https://docs.djangoproject.com/en/1.4/howto/auth-remote-user/ > >> > >> you get links to mod_auth_sspi but its has be forgotten to mention > >> that this module (seems) now obsolete. > >> > >> So the question is: > >> > >> Is it possible to obtain SSO with Django on a Windows powered > >> machine, or do I have to give up and try my luck with ASP.NET or > >> perhaps php for windows or whatever. > >> > >> I love Django & python, but I am here in a dead end. > >> > >> Is there somebody using this scenarion (which is quit common in big > >> companies)? > >> > >> Thanks. > >> Anton > >> > > > > Hm... Did you maybe think about using Kerberos part of the AD for > > authentication instead? > > > > Best regards > > > > -- Branko Majic Jabber: bra...@majic.rs Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: bra...@majic.rs Молим вас да додатке шаљете искључиво у слободним форматима.
signature.asc
Description: PGP signature
