It should be possible to include domain in the user identifier

Legrandin / PyAuthenNTLM2

PyAuthenNTLM2 is an authentication module for Apache. It validates a user by means of the NTLM protocol and a separate Domain Controller (or Active Directory server).

Other

57 stars 42 forks source link

It should be possible to include domain in the user identifier #6

Open Legrandin opened 12 years ago

Legrandin commented 12 years ago

Right now, only the user's account name is put into the REMOTE_USER variable, and passed to the underlying application.

It would be nice if there was an option that allowed REMOTE_USER to also include the domain name.

For instance, let's say we have the domain WINDOM and a user John Doe with account name jdoe. Today, after authentication, the application behind Apache will display 'jdoe'. In some cases, it is preferable to have 'WINDOM\jdoe'.

ojkoorde commented 11 years ago

Whoever wants to have username as 'domain\user' needs to change PyAuthenNTLM2-2.2/pyntlm.py: 1) line #326 from 'req.user = user' to 'req.user = domain + '\' + user' 2) line #333 from 'req.connection.notes.add('NTLM_AUTHORIZED',user)' to 'req.connection.notes.add('NTLM_AUTHORIZED',domain + '\' + user)'

Regards, Artur

Legrandin commented 11 years ago

I added a specific option called NameFmt so that one can choose to have only the user name or the logon name in REMOTE_USER.

https://github.com/Legrandin/PyAuthenNTLM2/commit/9595b273c9b2b8a53cef7cfe4dfdb78718d681cc https://github.com/Legrandin/PyAuthenNTLM2/commit/20d6356cc8b22ed96b149f39d2a8bdd8901a83e8 https://github.com/Legrandin/PyAuthenNTLM2/commit/2b6053d35a8f121e9a69b7582dcdd8fb72b46d13