[Pythonmac-SIG] Active Directory authentication on Mac using Python

[brad.allen@omsdal.com]

Jeff Rush <jeff at taupro.com> wrote on 08/05/2005 10:33:39 PM:

> If you have only the new stuff that *requires* COM, I don't know that 
you can 
> do COM programming on the Mac (not being a Mac developer).

Thanks, Jeff.

I don't think COM will be an option. Bob Ippolito suggests
it should be do-able via Mac APIs. We will probably need a
Mac programmer with experience in this area. However, it's a
higher priority to do this on the Windows side, so we'll do
that first and in doing so get a better understanding of how
it's supposed to work. Also, if push comes to shove we could
fall back on handling the AD authentication at the server
level, but that is far less secure (this won't go outside
our internal network, so it's not totally unthinkable).

Here is Bob Ippolito's posting from the MacPython mailing list:

> The generic way to do the authentication is just to use LDAP, since 
> Active Directory is just a jazzed up LDAP database server with a non- 
> standard Kerberos implementation.  You can crib some code from 
> LDAPUserFolder for the authentication bits.  I'm not sure exactly 
> what "obtaining credentials" involves, but I'm guessing that's just a 
> Kerberos ticket?  Mac OS X should have all the APIs to do it, since 
> it has good Kerberos support which supposedly integrates well with 
> Active Directory... you'll probably have to a C extension to get at 
> that, but that should be no big deal.
> 
> Good luck, I don't have any Windows Server machines around, and am 
> not really interested in dealing with Windows... but hopefully 
> somebody else can help you :)



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/pythonmac-sig/attachments/20050805/8bc5b361/attachment.htm