Re: Multiple authentication sources to one database

2010-09-02 Thread Jeff Bell
Auth backends fail down the list of middleware.  So I'm thinking something
like this.

Maybe, the users that you authenticate using LDAP or AD, append something to
their username, like _xyzuser.

johndoe has LDAP/AD password and logs in.
AD_AUTH_Middleware succeeds with original username and passwd,
Adds pre-determined suffix to username and queries local users for that new
username.
Object does not exist but since he validated against other service you
create a username with suffix and password of your choice.

johndoe has LDAP/AD password and logs in.
AD_AUTH_Middleware succeeds,
Adds pre-determined suffix to username and queries users for that username.
User object is returned.

johndoe (a different one) logs in with a contrib auth password from your
django database.
AD_AUTH_Middleware fails and fails over to contrib_auth.
Django Auth Middleware queries local users and returns User object.

Only chink in the armor would be if they both had the same passwords.  I'm
sure you could add some other criteria to your LDAP auth backend to help
with that though by adding a field to a user profile.

I'm no expert.  I just want to start giving back to the Django community so
this is my best shot.

Jeff





On Thu, Sep 2, 2010 at 4:28 PM, Shawn Milochik  wrote:

> You can use multiple authentication backends in the same Django
> project. All you have to do is write/install a backend that supports
> your alternative method, and add it to AUTHENTICATION_BACKENDS in your
> settings file.
>
> The info here should help a lot:
>
> http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend
>
> For users who authenticate against the alternative source, just create
> a new User instance on-the-fly when they first successfully log in.
> This will allow the rest of your app and pluggable apps to "just work"
> if they rely on contrib.auth.
>
> Shawn
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django users" group.
> To post to this group, send email to django-us...@googlegroups.com.
> To unsubscribe from this group, send email to
> django-users+unsubscr...@googlegroups.com
> .
> For more options, visit this group at
> http://groups.google.com/group/django-users?hl=en.
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.



Re: Multiple authentication sources to one database

2010-09-02 Thread Shawn Milochik
You can use multiple authentication backends in the same Django
project. All you have to do is write/install a backend that supports
your alternative method, and add it to AUTHENTICATION_BACKENDS in your
settings file.

The info here should help a lot:
http://docs.djangoproject.com/en/dev/topics/auth/#writing-an-authentication-backend

For users who authenticate against the alternative source, just create
a new User instance on-the-fly when they first successfully log in.
This will allow the rest of your app and pluggable apps to "just work"
if they rely on contrib.auth.

Shawn

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.



Multiple authentication sources to one database

2010-09-01 Thread Alex
I am trying to write an application that allows two different kinds of
authentication: Users in the wild can register and use the site with a
new username, password and email and authenticate as usual, and others
can use a single-sign-on solution provided by my university. django-
cas (http://code.google.com/p/django-cas/) and django-cas-provider
(http://nitron.org/projects/django-cas-provider/) both handle the
single-sign-on solution, but they overload the username field to
correspond to the username provided by CAS. This means that if someone
registers as "johndoe" then someone who authenticates as "johndoe"
with CAS will suddenly have access to the internals of the other
account.

Is there a way to separate out these authentication methods so that
both can be used on the same django installation? (They both need
access to the same database of information.) If this isn't possible, I
may try to create a whole second instance of django running on the
same database (but then they both will want to use the "auth_users"
table anyways).

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.