Thread: challenge/response authentication?

2006-05-18 16:56:29
jemmingergmail.com wrote:
> is cherrypy capable of challenge/response authentication on a windows
> network?  if so, are there any examples or documentation?

CherryPy doesn't have that functionality built in, but you can get it by
running IIS or Apache in front of CherryPy.

IIS will be easier to set up for that auth, but harder to connect to CP.
See http://projects.amor.org/misc/wiki/ASPGateway

Apache will be harder to set up for auth, but easier to connect to CP.
See http://projects.amor.org/misc/wiki/ModPythonGateway

Here's most of a deployment script for Apache 2:

== Build target machine ==

 1. Install Windows Server. Make sure all power management is off, both in BIOS and OS.
 2. Get W2k SP4 and visit http://www.windowsupdate.com until all updates are installed.
 3. Stop and Disable these services: IIS Admin, WWW, SMTP, License Logging.
 4. Install Firefox.
 5. Install WinZip.

== Install application software on target ==

 1. TortoiseSVN: http://tortoisesvn.tigris.org/download.html
 2. [http://www.python.org/2.4.2/ Python 2.4.2]: http://www.python.org/ftp/python/2.4.2/python-2.4.2.msi
 3. Add ";C:\Python24" to system path.
 4. Pythonwin: http://sourceforge.net/project/showfiles.php?group_id=78018. You may also need mfc71.dll (if there is a message requiring it): http://starship.python.net/crew/mhammond/downloads/mfc71.dll
 5. svn co cherrypy: http://svn.cherrypy.org/trunk/cherrypy
 6. cherrypy\test\test.py and cherrypy\test\test.py --server=modpy

== Install and set up Apache ==

 1. Get the Apache2 msi: http://httpd.apache.org/download.cgi
 2. Get mod_python: http://www.apache.org/dist/httpd/modpython/win/
 3. Get mod_auth_sspi: http://www.gknw.net/development/apache/httpd-2.0/win32/modules/mod_auth_sspi-1.0.2-2.0.54.zip Copy mod_auth_sspi-1.0.2/bin/mod_auth_sspi.so to Apache's modules folder.
 4. Get misc/modpython_handler.py: http://projects.amor.org/misc/svn/modpython_gateway.py
 5. Make a new myapp.conf file. See below.
 6. In httpd.conf: Include conf/myapp.conf

== SSL-enable Apache ==

See http://www.thompsonbd.com/tutorials/apachessl.php

 1. Get an openssl binary of Apache2 for Windows: http://hunter.campbus.com/
 2. Copy the executable files (*.exe, *.dll, *.so) from the downloaded apache-mod_ssl distribution over your original Apache installation directory (remember to stop Apache first and DO NOT overwrite your edited config files etc.!).
 3. Get openssl binary for Windows: http://gnuwin32.sourceforge.net/packages/openssl.htm
 4. Copy the files ssleay32.dll and libeay32.dll from the OpenSSL folder to WINNT\System32.
 5. Get openssl.cnf (see thompsonbd.com) and place it into the same folder where you unzipped OpenSSL. Windows will remove the .cnf and will make this file look like a dialup icon. Just ignore it.
 6. Get ssl.conf (see thompsonbd.com) and place it in the Apache2/conf directory.
 7. Create a certificate. Change "my-server" to whatever you like.
    * Make a cert request: openssl req -config openssl.cnf -new -out my-server.csr
    * Remove the passphrase from the private key: openssl rsa -in privkey.pem -out my-server.key
    * Self-sign the cert: openssl x509 -in my-server.csr -out my-server.cert -req -signkey my-server.key -days 1825
 8. Move my-server.key and my-server.cert into Apache/conf/ssl/ (create the ssl folder if needed).
 9. In httpd.conf:
        LoadModule ssl_module modules/mod_ssl.so
        Include conf/ssl.conf


#myapp.conf

LoadModule sspi_auth_module modules/mod_auth_sspi.so

# Use a PythonImport only if using mpm_winnt. If you're using
# prefork (on Unix), you'll have to use a "PythonOption import"
# directive to the modpython_gateway handler, or a PythonFixupHandler.

PythonImport myapp.cpdeploy machine.domain.com

<Location /mountpoint>

    SetHandler python-program    
    PythonHandler modpython_gateway::handler
    PythonOption wsgi.application cherrypy._cpwsgi::wsgiApp
    
    PythonDebug On
    
    #NT Domain auth config
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On
    SSPIOfferBasic On 
    SSPIDomain MYDOMAIN
    
    # following line squishes bug #1168 if IE has troubles editing wiki pages.
    # VERY IMPORTANT for IE clients
    SSPIBasicPreferred On

    AuthName "My Realm"
    Require valid-user

</Location>


Robert Brewer
System Architect
Amor Ministries
fumanchuamor.org
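
Added example, not part of the message above or of CherryPy: a small Python check for a config like the posted myapp.conf. It flags a <Location> that offers Basic fallback without mod_ssl's SSLRequireSSL (Basic sends the domain password base64-encoded, so it belongs only on the SSL listener the message sets up) and PythonDebug On (which sends tracebacks to the client). The sample config is constructed from the posted file and the function names are hypothetical.

```python
import re

# Constructed sample: the <Location> block from the posted myapp.conf, trimmed.
SAMPLE_CONF = """\
LoadModule sspi_auth_module modules/mod_auth_sspi.so
<Location /mountpoint>
    SetHandler python-program
    PythonDebug On
    AuthType SSPI
    SSPIAuth On
    SSPIOfferBasic On
    SSPIBasicPreferred On
    Require valid-user
</Location>
"""


def parse_locations(conf_text):
    """Return {path: {directive_lower: value}} for each <Location> block."""
    blocks, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+(\S+?)>$", line, re.I)
        if opened:
            current = blocks.setdefault(opened.group(1), {})
        elif re.match(r"</Location>$", line, re.I):
            current = None
        elif current is not None:
            parts = line.split(None, 1)
            current[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return blocks


def audit(conf_text):
    """Return sorted (path, finding) pairs. Assumption: checks are per block,
    so an SSLRequireSSL inherited from an enclosing vhost is not seen."""
    findings = []
    for path, d in parse_locations(conf_text).items():
        on = lambda key: d.get(key, "").lower() == "on"
        basic = on("sspiofferbasic") or on("sspibasicpreferred")
        if basic and "sslrequiressl" not in d:
            findings.append((path, "Basic fallback offered without SSLRequireSSL"))
        if on("pythondebug"):
            findings.append((path, "PythonDebug On exposes tracebacks to clients"))
        if d.get("authtype", "").lower() == "sspi" and "require" not in d:
            findings.append((path, "AuthType SSPI set but no Require directive"))
    return sorted(findings)
```

Run `audit(open("conf/myapp.conf").read())` against the real file; an empty list means none of the three conditions were found in any <Location> block.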
