Brett Dixon
drunkirishmic420 at hotmail.com
Tue Dec 11 16:10:56 EST 2007
its not really a high security app. I am just using the username as a convenience. Date: Tue, 11 Dec 2007 19:08:40 +0000 From: mlopes at orangeway.org To: drunkirishmic420 at hotmail.com Subject: Re: [SPAM] RE: [mod_python] getting Windows username (REMOTE_USER) CC: scarfboy at gmail.com; mod_python at modpython.org Be carefull with that, if you rely only on some string sent in an http request from a client application (in this case a username sent by the browser) it won't be hard for someone with a little knowledge of the http protocol to send a fake username. On 12/10/07, Brett Dixon <drunkirishmic420 at hotmail.com> wrote: Graham gave me a tip on a module and I will try that. But i will give a more detailed description of my goal :) At work, we have a domain. Users will log onto a machine with a user/pass on that domain. I need to get that username, so i can use that as the website credentials. This removes this responsibility from me and also allows them to "login" transparently. On a previous project, i was using IIS 6 and PHP. I was able to get the username from the REMOTE_USER or AUTH_USER environment variable, as seen from phpinfo(). So i am looking for a way to get at this info with apache/python. I hope thats a better description, sorry for my ambiguity before :) > Date: Mon, 10 Dec 2007 05:23:27 +0100 > From: scarfboy at gmail.com > To: mod_python at modpython.org > Subject: Re: [mod_python] getting Windows username (REMOTE_USER) > > On Dec 10, 2007 2:31 AM, Brett Dixon < drunkirishmic420 at hotmail.com> wrote: > > > > In my python handler Directory directive, i have the AuthTpye set to basic, > > but thats about it. I have tried "ntlm" but that hasnt done much. Is there > > a windows specific auth handler? > HTTP auth has nothing to do with the operating system. > > > It seems to me you're confused about what you're asking. I certainly am :) > The fact that you said 'yes' to an either-or summary didn't help. > > > At first I figured you wanted to fetch the username that windows users use > for their profile. However, I doubt this is your actual question, > because as far as I know, no setup at all does this. It'd be a privacy issue. > > > Your mention of moving back to IIS to get the feature makes me think > that you are thinking of checking the username/password that the user > gives the web server (exchanged via http auth) against an existing windows > domain controller (or similar) you have near your web server. > > This is possible, but the http authtype is unrelated to this - the two forms > of authtype refer to how HTTP exchanges the authentication. A > browser-server thing, unrelated to what happens once the login > arrives at the server. > > You can use one of various apache modules to make a particular > subsystem/server do the actual authentication (exactly which depends > on your wishes and setup. the one Graham mentioned is one of them). > > > In either case, we could be more effective if you described your wishes > and intent in a little more detail. > > --Bart > _______________________________________________ > Mod_python mailing list > Mod_python at modpython.org > http://mailman.modpython.org/mailman/listinfo/mod_python Your smile counts. The more smiles you share, the more we donate. Join in! _______________________________________________ Mod_python mailing list Mod_python at modpython.org http://mailman.modpython.org/mailman/listinfo/mod_python _________________________________________________________________ Get the power of Windows + Web with the new Windows Live. http://www.windowslive.com?ocid=TXT_TAGHM_Wave2_powerofwindows_122007 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20071211/a5f9e0f0/attachment-0001.html
|