|
Marco Lopes
mlopes at orangeway.org
Tue Dec 11 14:08:40 EST 2007
Be carefull with that, if you rely only on some string sent in an http request from a client application (in this case a username sent by the browser) it won't be hard for someone with a little knowledge of the http protocol to send a fake username. On 12/10/07, Brett Dixon <drunkirishmic420 at hotmail.com> wrote: > > Graham gave me a tip on a module and I will try that. But i will give a > more detailed description of my goal :) > > At work, we have a domain. Users will log onto a machine with a user/pass > on that domain. I need to get that username, so i can use that as the > website credentials. This removes this responsibility from me and also > allows them to "login" transparently. > On a previous project, i was using IIS 6 and PHP. I was able to get the > username from the REMOTE_USER or AUTH_USER environment variable, as seen > from phpinfo(). So i am looking for a way to get at this info with > apache/python. > > I hope thats a better description, sorry for my ambiguity before :) > > > > ------------------------------ > > Date: Mon, 10 Dec 2007 05:23:27 +0100 > > From: scarfboy at gmail.com > > To: mod_python at modpython.org > > Subject: Re: [mod_python] getting Windows username (REMOTE_USER) > > > > On Dec 10, 2007 2:31 AM, Brett Dixon <drunkirishmic420 at hotmail.com> > wrote: > > > > > > In my python handler Directory directive, i have the AuthTpye set to > basic, > > > but thats about it. I have tried "ntlm" but that hasnt done much. Is > there > > > a windows specific auth handler? > > HTTP auth has nothing to do with the operating system. > > > > > > It seems to me you're confused about what you're asking. I certainly am > :) > > The fact that you said 'yes' to an either-or summary didn't help. > > > > > > At first I figured you wanted to fetch the username that windows users > use > > for their profile. However, I doubt this is your actual question, > > because as far as I know, no setup at all does this. It'd be a privacy > issue. > > > > > > Your mention of moving back to IIS to get the feature makes me think > > that you are thinking of checking the username/password that the user > > gives the web server (exchanged via http auth) against an existing > windows > > domain controller (or similar) you have near your web server. > > > > This is possible, but the http authtype is unrelated to this - the two > forms > > of authtype refer to how HTTP exchanges the authentication. A > > browser-server thing, unrelated to what happens once the login > > arrives at the server. > > > > You can use one of various apache modules to make a particular > > subsystem/server do the actual authentication (exactly which depends > > on your wishes and setup. the one Graham mentioned is one of them). > > > > > > In either case, we could be more effective if you described your wishes > > and intent in a little more detail. > > > > --Bart > > _______________________________________________ > > Mod_python mailing list > > Mod_python at modpython.org > > http://mailman.modpython.org/mailman/listinfo/mod_python > > ------------------------------ > Your smile counts. The more smiles you share, the more we donate. Join in!<http://www.windowslive.com/smile?ocid=TXT_TAGLM_Wave2_oprsmilewlhmtagline> > > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20071211/fba1ada1/attachment.html
|