NT Domain Controller

Examples

TODO

Usage

TODO

Module description

Implementation of a domain controller that allows users to authenticate against a Windows NT domain or a local computer.

Used by HTTPAuthenticator. Only available on Linux and macOS.

See also https://wsgidav.readthedocs.io/en/latest/user_guide_configure.html

Purpose

Usage:

from wsgidav.dc.nt_dc import NTDomainController
domain_controller = NTDomainController(wsgidav_app, config)

where:

  • domain_controller object corresponds to that in wsgidav.yaml or as input into wsgidav.http_authenticator.HTTPAuthenticator.

  • preset_domain allows the admin to specify a domain to be used (instead of any domain that may come as part of the user_name in domain\user form). This is useful only if there is one domain to be authenticated against and you want to spare users from typing the domain name.

  • preset_server allows the admin to specify the NETBIOS name of the domain controller to be used (complete with the preceding \\). If absent, it will look for trusted domain controllers on the localhost.

This class allows the user to authenticate against a Windows NT domain or a local computer. It requires NT or beyond (2000, XP, 2003, etc).

This class requires Mark Hammond’s Win32 extensions for Python, available from SourceForge.

Information on Win32 network authentication was from the following resources:

Testability and caveats

Digest Authentication

Digest authentication requires the password to be retrieved from the system to compute the correct digest for comparison. This is so far impossible (and indeed would be a big security loophole if it were allowed), so digest authentication will not work with this class.

Basic authentication over SSL is highly recommended.
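The caveat above comes down to three settings: digest off, basic on, TLS on. The following check is an added example, not part of the WsgiDAV code base; it flags a config dict that violates them. The key names are assumed from WsgiDAV's sample wsgidav.yaml (verify them for your version), and the domain, host and file names are constructed.

```python
# Added example: lint a WsgiDAV config dict for the NTDomainController caveats.
# Key names are assumed from WsgiDAV's sample wsgidav.yaml; verify for your version.

NT_DC = "wsgidav.dc.nt_dc.NTDomainController"


def check_nt_dc_config(config):
    """Return a list of findings; an empty list means no caveat was hit."""
    findings = []
    auth = config.get("http_authenticator") or {}
    if auth.get("domain_controller") != NT_DC:
        return findings  # the caveats below only apply to the NT domain controller

    # Digest needs the clear-text password, which the system will not hand out.
    # Unset keys are treated as enabled (assumed WsgiDAV defaults).
    if auth.get("accept_digest", True):
        findings.append("accept_digest must be false: digest cannot work with nt_dc")
    if auth.get("default_to_digest", True):
        findings.append("default_to_digest must be false: clients would be offered digest")
    if not auth.get("accept_basic", True):
        findings.append("accept_basic must be true: basic is the only usable scheme")

    # Basic sends the Windows password base64-encoded, so the transport must be TLS.
    if not (config.get("ssl_certificate") and config.get("ssl_private_key")):
        findings.append("no ssl_certificate/ssl_private_key: terminate TLS here or in a proxy")

    # preset_server is a NETBIOS name and must keep its two leading backslashes.
    server = (config.get("nt_dc") or {}).get("preset_server")
    if server is not None and not server.startswith("\\\\"):
        findings.append("nt_dc.preset_server must start with two backslashes")
    return findings


# Constructed sample configs (hypothetical domain, host and file names).
WEAK = {
    "http_authenticator": {"domain_controller": NT_DC, "accept_digest": True,
                           "default_to_digest": True, "accept_basic": True},
    "nt_dc": {"preset_domain": "CORP", "preset_server": "DC01"},
}
HARDENED = {
    "ssl_certificate": "server.crt",
    "ssl_private_key": "server.key",
    "http_authenticator": {"domain_controller": NT_DC, "accept_digest": False,
                           "default_to_digest": False, "accept_basic": True},
    "nt_dc": {"preset_domain": "CORP", "preset_server": "\\\\DC01"},
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, check_nt_dc_config(cfg) or "ok")
```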

User Login

Authentication will count as a user login attempt, so any security in place for invalid password attempts may be triggered.

Also note that, even though the user is logged in, the application does not impersonate the user - the application will continue to run under the account and permissions it started with. The user therefore has the read/write permissions of the running account on the share, not those of their own account.

Using on a local computer

This class has been tested on a local computer (Windows XP). Leave domain as None and do not specify domain when entering user_name in this case.

Using for a network domain

This class is being tested for a network domain (I’m setting one up to test).