create users from /etc/passwd?

[Tim]

I'm running Django 1.3.1 on FreeBSD + Apache2.2 inside an intranet. 

I do not grok authentication, so here is my problem and a question about how I can solve it (maybe).

What I need is the name of the user who hits the application. I don't care about the password, I just need to know who they are. I've been unable to get the REMOTE_USER from Apache, mainly because I think Apache doesn't know it either (no authentication is used on the httpd.conf).

I thought (here's my maybe solution) I might create a bunch of users in Django by parsing the /etc/passwd database. Then at least each user would have the same username/password they use to login to the network.

Is that possible? Is there a better way to get the username?

thanks,

--Tim

[Furbee]

Hi Tim,

I'm not totally sure, but I don't think this will work. You could parse the passwd file to get the usernames, but the passwords are encrypted. Since you don't have the system's decryption key, you would not be able to determine the password. If you just used what is in /etc/shadow it would not match the password that the users enter when they try to authenticate in Django.

I would suggest using Django's built-in authentication system. Then when a user goes to your site, and enters their credentials, you will be able to access the user information in the view with request.user (assuming "request" is your view's first parameter name).

Django's documentation is a lifesaver, here's setting up User Authentication:

https://docs.djangoproject.com/en/1.3/topics/auth/

Here's accessing session information when a user is logged in.

https://docs.djangoproject.com/en/1.3/topics/http/sessions/

Finally, you can use the decorator @login_required for views that require authentication. However, I found it easier for many applications that use site-wide authentication (usually the case with intranet development) to use middleware to require login for every page. I implemented something similar to this and it works perfectly.:

http://onecreativeblog.com/post/59051248/django-login-required-middleware

You're want to study up on how middleware works, here:

https://docs.djangoproject.com/en/1.3/topics/http/middleware/

Good Luck,

Furbee

--Tim

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/qO-mxTOE0joJ.
To post to this group, send email to django...@googlegroups.com.
To unsubscribe from this group, send email to django-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-users?hl=en.

[Thorsten Sanders]

https://bitbucket.org/maze/django-pam/

maybe that helps?

[David Fischer]

Depending on your intranet, you may already have an LDAP directory. If you do, I would use a combination of Apache, mod_ldap and Django's RemoteUserMiddleware.

[Tim]

Thanks for all this great information. Thorsten, I do have hope that 'pam' will solve the problem, but if I get nowhere with that, Furbee's links and info will help me go further; I just didn't want the user to have to sign on twice when I don't really care about authentication, just user identification.  In any case, I'm reading those docs now, and the blog article.

David, I wish I could do this via the LDAP set up but as far as I can tell there isn't one.

thanks again!

--Tim

[Mike Dewhirst]

You can.

If you accept that users will have to authenticate in your Django app
then if you use ldap you won't have to worry about passwords at all.
They will enter the same username and password they usually do when they
power up their workstations.

I have used Peter Herndon's django-ldap-groups very successfully to do
just that. It will create a new user including any ldap groups you set
up for Django based entirely on successful ldap authentication. It will
bring whatever ldap info across to Django that you require.

Mike

>
> thanks again!

> --Tim
>
> --
> You received this message because you are subscribed to the Google
> Groups "Django users" group.
> To view this discussion on the web visit

> https://groups.google.com/d/msg/django-users/-/mNmX0CImKo8J.