Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Kerberos Authentication in Rails

Is it possible to use kerberos to authenticate a user under rails? Are there any existing plugins (preferably which extend authlogic's functionality) to do this?

like image 635
Ryan Avatar asked Feb 05 '10 18:02

Ryan


2 Answers

I'm hoping someone else will come around and show us a pure Rails way of doing this. But until then, the easiest way to get things going is by letting your web server handle it.

On that note, I'm going to assume Apache. If this is not the case, please tell us a bit more about your set-up.


Proper Kerberos authentication in browsers is done in the HTTP protocol itself, much like Basic or Digest authentication. In Apache, this can be done with mod_kerb_auth.

Then the next step is to find out how to retrieve the username. It depends a bit on the interface you're using between the web-server and your Rails app. This could be Passenger, FastCGI, mod_proxy, etc.

Many will follow the original CGI standard to some degree, passing along a bunch of environment variables with the request. Try the following in your controller:

username = request.env['REMOTE_USER']

That's as far as I can take you. I've never used authlogic. Though, by the looks of it, it supports plugins. Perhaps you can create a new one that blindly trusts REMOTE_USER if it is set?

like image 118
Stéphan Kochen Avatar answered Sep 27 '22 17:09

Stéphan Kochen


If you wanto to switch from authlogic to Omniauth for your authentication there's a module for it:

https://github.com/jgraichen/omniauth-kerberos

like image 43
Luke Avatar answered Sep 27 '22 19:09

Luke