Django can authenticate against a RADIUS server
Project description
README
Allow Django to authenticate against a RADIUS server.
Introduction
RADIUS is a protocol commonly used by ISPs for authenticating dial-in and other remote users; it’s also used by routers and other network hardware. Popular servers include FreeRADIUS, GNU RADIUS, and the delightfully-name Steel Belted RADIUS.
Motivation
This little package was developed because my place of work uses RSA SecurID token authentication, and it can be accessed via RADIUS – much more easily than their proprietary protocol.
All the heavy lifting here is doing by Wichert Akkerman’s “pyrad” package; this just wraps it up for easy consumption by Django.
The code was based on the example at http://docs.djangoproject.com/en/dev/topics/auth/#other-authentication-sources
This code tries hard to catch any error which might throw an exception so that failure of the backend (misconfigured RADIUS server, bad import, etc) returns None indicating auth faiure.
On successful authentication, the User object is returned. If this user is new to Django, a new User is created in the Django database.
Non-Features
Traditionally, upon authentication, the RADIUS server can return various attribute/value pairs such as allocated IP address and subnetmask, in addition to the Success code. ADIUS can also handle “accounting” the focus here simply on authentication.
Usage
Configuration
In your settings.py or local_settings.py, define the following variables:
RADIUS_SERVER
The IP address (or resolvable DNS name) of the server providing the RADIUS server. Example: “127.0.0.1”
RADIUS_AUTHPORT
UDP port that RADIUS is listening on for authentication requests. The old RFC standard port is 1645, but the more current one is 1812. Specify it as an integer. Example: 1812
RADIUS_SECRET
The shared secret that both the client and server use to encode the packets. Example: “The owls are not what they seem.”
Auth backends
Specify this egg in your zc.buildout configuration, or another build mechanism; you can also just use the bare code.
In your settings.py (or local_settings.py) file specify the module and class path in the authentication stack. Beware that RADIUS typically exhibits a 20-second or so timeout if it can’t auth to the server, so you may want to put it after other authentication backends you may be using. Example:
AUTHENTICATION_BACKENDS = ( 'django.contrib.auth.backends.ModelBackend', 'authbackends.authsawsbackend.AuthSawsBackend', 'koansys.authradius.AuthRadiusBackend', )
To Do
Tests. Sorry.
CHANGES
1.0.0 2009-02-25
Creating public egg code from internal private cholesterol-free code.
1.0.1 2009-02-25
Fix URL info, upload to googlecode, post to pypi.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for koansys.django.authradius-1.0.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | d9eab162573f5623dd930698082146ce25465efc6aad2c12e078edc4ad312a1f |
|
MD5 | 49feb3bb5454b8e758e37ccf72d80be8 |
|
BLAKE2b-256 | 87591e08926f39cc474e89bf1c10eb01d05f4d81a998aef8a57ac99d215cfff8 |
Hashes for koansys.django.authradius-1.0.1-py2.6.egg
Algorithm | Hash digest | |
---|---|---|
SHA256 | 2463a1d0c08d61774d125cc59393dd15997b5e974efe6a7dcc90ab8ccb592f4b |
|
MD5 | a2ba67d6cacef88a40461b2c80d4d1b4 |
|
BLAKE2b-256 | ced7389e4e1f8074965e05108a99058e4e895c9a196551ed3a63785ec9fa1a9e |