Metadata-Version: 1.0
Name: django-kerberos
Version: 1.1.0
Summary: Kerberos authentication for Django
Home-page: http://dev.entrouvert.org/projects/authentic/
Author: Benjamin Dauvergne
Author-email: bdauvergne@entrouvert.com
License: AGPLv3 or later
Description: Kerberos authentication for Django
        ==================================
        
        Provide Kerberos authentication to Django applications.
        
        Basic usage
        ===========
        
        Add this to your project `urls.py`::
        
            url('^accounts/kerberos/', include('django_auth_kerb.urls')),
        
        And use the default authentication backend, by adding that to your `settings.py` file::
        
            AUTHENTICATION_BACKENDS = (
                'django_auth_kerberos.backends.KerberosBackend',
            )
        
        Settings
        ========
        
        `KERBEROS_HOSTNAME`
        -------------------
        
        Hostname for retrieving the service key, the correspondig principal will be
        `HTTP/{KERBEROS_HOSTNAME}@DEFAULT_REAML`, default is `None`. If `None` the hostname
        from the request will be used.
        
        `KERBEROS_BACKEND_CREATE`
        -------------------------
        
        Whether to create user if no existing model can be found, default is `False`.
        
        `KERBEROS_BACKEND_ADMIN_REGEXP`
        -------------------------------
        
        A regular expression that the principal must match to get superuser privileges,
        default is `None`. A classic example could be `r'^.*/admin$'`.
        
        `KERBEROS_SERVICE_PRINCIPAL`
        -----------------------------------
        
        The service principal to use when checking a password against the
        KDC, you don't need the secret key for this principal, it should
        just exist inside the Kerberos database as the check is done by
        trying to get ticket for this service. Default is
        None. It's used only by the pseudo password haser
        and the login/password authentication backend.
        
        `KERBEROS_KEEP_PASSWORD`
        ------------------------
        
        Does the KerbersoPasswordBackend store a hash of the
        checked password inside the user model each time a
        user log in. Default is False. It allows your
        website to provide a backup authentication if
        Kerberos is failing or if you ever need to detach
        from the realm.
        
        Custom backend
        ==============
        
        A custom authentication backend can be used, in this case the signature of the
        authenticate method must be::
        
            class CustomKerberosBackend(object):
                def authenticate(self, principal=None):
                    pass
        
        Sample application
        ==================
        
        First you need to install django-kerberos into your environment like that::
        
            python setup.py install
        
        If you want to try the sample application you must add this line to your `/etc/hosts` file, absolutely at the beginning::
        
            127.0.0.1 test.example.com
        
        Then you must connect to your Kerberos administration server and add the
        principal HTTP/test.example.com and export its key in a keytab file::
        
            $ kadmin -p myuser/admin
            kadmin: addprinc -randkey HTTP/test.example.com
            kadmin: ktadd -k /tmp/keytab HTTP/test.example.com
        
        Finally you can run the sample::
        
            cd sample; KRB5_KTNAME=FILE:/tmp/keytab python ./manage.py runserver
        
        Now you should be able to login on http://test.example.com:8000/
        
        The sample project is configured so that all principal ending with `/admin` get
        the staff and superuser flags. You can change that by editing the key
        `KERBEROS_BACKEND_ADMIN_REGEXP` in `sample/sample/settings.py`.
        
        Pseudo hasher
        =============
        
        A pseudo hasher whose import path is `django_kerberos.hashers.KerberosHasher`
        provide a mean to associate a Django user model to a Kerberos identity.
        
        The content of the password field must be `kerberos$<principal name>`.
        
        To create an user for a principal you can do::
        
           User.objects.create(username=new_username, password='kerberos$' + principal)
        
        Login/Password backend
        ======================
        
        If your users does not have their browser configured
        for SPNEGO HTTP authentication you can also provide
        a classic login/password form which check passwords
        using Kerberos.
        
Platform: UNKNOWN
