I want to set up an application (MoinMoin, to be specific) running as a Twisted web service. I'm putting it behind an Apache server (for reasons that will hopefully become clearer below...)
I have no problem setting up the application running its own service, and no problem setting up Apache2 as a reverse proxy, using mod_proxy. However, I also want Apache to authenticate users for me. The reason for this is that I want user credentials to be picked up automatically, from the user's Windows login. (This is a corporate intranet, where single sign-on based on the initial Windows login is the norm for all applications). I can set up Apache to authenticate, using mod_sspi, and this works fine for static web pages, or CGI. But my Twisted server doesn't see the username from behind the proxy. Does anyone know how I can set this up? I can see two potential ways of getting this to work. One is to set up the Twisted app to authenticate via SSPI itself - I've got this working with a non-Twisted application which does support SSPI, but I don't know of any equivalent of mod_sspi for twisted. The second approach would be to get mod_proxy to somehow pass the user ID across to the target service. However, I'm not even clear if this is possible with mod_proxy - looking at the HTTP spec, I can't see a way of passing an "authenticated user" successfully. Can anyone enlighten me? If I can't get a solution like this, I may have to resort to using FastCGI (which I've never managed to set up successfully) or mod_python (what I'm using for the moment - but it ties down the Apache and Python versions I can use a bit too tightly). Thanks for any suggestions, Paul. _______________________________________________ Twisted-web mailing list [email protected] http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-web
