[SPAM] RE: [mod_python] getting Windows username (REMOTE_USER)

Brett Dixon drunkirishmic420 at hotmail.com
Tue Dec 11 16:10:56 EST 2007


its not really a high security app.  I am just using the username as a convenience.


Date: Tue, 11 Dec 2007 19:08:40 +0000
From: mlopes at orangeway.org
To: drunkirishmic420 at hotmail.com
Subject: Re: [SPAM] RE: [mod_python] getting Windows username (REMOTE_USER)
CC: scarfboy at gmail.com; mod_python at modpython.org

Be carefull with that, if you rely only on some string sent in an http request from a client application (in this case a username sent by the browser) it won't be hard for someone with a little knowledge of the http protocol to send a fake username.


On 12/10/07, Brett Dixon <drunkirishmic420 at hotmail.com> wrote:




Graham gave me a tip on a module and I will try that.  But i will give a more detailed description of my goal :)

At work, we have a domain.  Users will log onto a machine with a user/pass on that domain.  I need to get that username, so i can use that as the website credentials.  This removes this responsibility from me and also allows them to "login" transparently.

On a previous project, i was using IIS 6 and PHP.  I was able to get the username from the REMOTE_USER or AUTH_USER environment variable, as seen from phpinfo().  So i am looking for a way to get at this info with apache/python.


I hope thats a better description, sorry for my ambiguity before :)



> Date: Mon, 10 Dec 2007 05:23:27 +0100
> From: 
scarfboy at gmail.com
> To: mod_python at modpython.org
> Subject: Re: [mod_python] getting Windows username (REMOTE_USER)

> 
> On Dec 10, 2007 2:31 AM, Brett Dixon <
drunkirishmic420 at hotmail.com> wrote:
> >
> > In my python handler Directory directive, i have the AuthTpye set to basic,
> > but thats about it.  I have tried "ntlm" but that hasnt done much.  Is there

> > a windows specific auth handler?
> HTTP auth has nothing to do with the operating system.
> 
> 
> It seems to me you're confused about what you're asking. I certainly am :)

> The fact that you said 'yes' to an either-or summary didn't help.
> 
> 
> At first I figured you wanted to fetch the username that windows users use
> for their  profile. However, I doubt this is your actual question,

> because as far as I know, no setup at all does this. It'd be a privacy issue.
> 
> 
> Your mention of moving back to IIS to get the feature makes me think
> that you are thinking of checking the username/password that the user

> gives the web server (exchanged via http auth) against an existing windows
> domain controller (or similar) you have near your web server.
> 
> This is possible, but the http authtype is unrelated to this - the two forms

> of authtype refer to how HTTP exchanges the authentication. A
> browser-server thing, unrelated to what happens once the login
> arrives at the server.
> 
> You can use one of various apache modules to make a particular

> subsystem/server do the actual authentication (exactly which depends
> on your wishes and setup. the one Graham mentioned is one of them).
> 
> 
> In either case, we could be more effective if you described your wishes

> and intent in a little more detail.
> 
> --Bart
> _______________________________________________
> Mod_python mailing list
> 
Mod_python at modpython.org
> http://mailman.modpython.org/mailman/listinfo/mod_python


Your smile counts. The more smiles you share, the more we donate. 
Join in!

_______________________________________________
Mod_python mailing list
Mod_python at modpython.org

http://mailman.modpython.org/mailman/listinfo/mod_python




_________________________________________________________________
Get the power of Windows + Web with the new Windows Live.
http://www.windowslive.com?ocid=TXT_TAGHM_Wave2_powerofwindows_122007
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mm_cfg_has_not_been_edited_to_set_host_domains/pipermail/mod_python/attachments/20071211/a5f9e0f0/attachment-0001.html


More information about the Mod_python mailing list