I blogged long ago about validating users against a windows domain server using winbind. The users were logging into a web application running on a linux box and winbind allowed their main windows passwords to be used.
Well two problems have come up since those distant days:
1) Through two upgrades of the linux installation (dapper drake->feisty fawn) the python winbind module has become broken when trying to use python version 2.4. It may work with the latest python 2.5 but I am using an old version of turbogears that relies on many old libraries, not all of which are still available in version 2.4 builds. I've tried rebuilding stuff but there seems to be a deep dependency problem between the python module and the winbind library.
2) I want to use the same trick in ruby but I cannot find a winbind gem.
Solution: shell out to a command line tool:
Python version:
bOk = False if os.system( 'ntlm_auth --username="%s" --password="%s"' % (strUserName.strip(), strPassword.strip())): bOk = True
Ruby version:
bOk = system( 'ntlm_auth --username="#{strUserName.strip}" --password="#{strPassword.strip}"')
This is slightly horrible not just because it runs a shell but also because it will send plain-text passwords over the network, unencrypted so any packet sniffer can see them.
This seems to work from with fastcgi based web application. I'm not sure mod_python would allow system calls but I think I prefer fastcgi anyway as it's less flaky.
UPDATE: it is slightly more horrible because it doesn't escape special characters in the username or password: for example it is broken if the password contains and ampersand.
Peter's Moblog
excuse me Peter, why did you fire me? do I get severance pay?