Django doing its own NTLM authentication (HTTP headers & all)

2023-09-08 12:52:34 Author: 初心i

I'm considering moving from Apache to Lighttpd for an internal web application, written with Python. The problem is that I'm relying on libapache2-mod-auth-ntlm-winbind ... which doesn't actually seem to be a well-supported & updated package (though that could be because it really does work well).

I'm looking for suggestions and hints about what it would take to use Django itself to handle the HTTP authentication. This would allow me to be web-server-agnostic, and could potentially be a grand learning experience.

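Some partial questions:

1. Is it reasonable to have a custom application perform the actual HTTP authentication?
2. How involved is it to have my Python code connect to the Windows domain controller for this authentication, without prompting the user for a password?
3. Does NTLM provide any access to user details and group memberships, so that I can stop searching via LDAP through another connection to the Windows domain controller?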

I would love to be able to write a module to simplify this technique which could be shared with the community.

Recommended answer

Partial answer:

You can (and should) pass the NTLM auth off to an external helper. Basically, install Samba on the machine, configure it, join the domain, enable winbind, then use the "ntlm_auth" helper binary, probably in "pipe" mode.

Authenticating an NTLM session requires a secure pipe to the domain controller, which needs credentials (e.g. a Samba/domain-member machine account). This is the quickest route to get there.

Squid (the webcache) has code for doing NTLM auth using the external helper; FreeRADIUS does something similar.

The NTLM auth itself does not provide any group info; if you're running winbind you could of course use calls to "wbinfo" to get user groups.