welcome: please sign in

The following 362 words could not be found in the dictionary of 7 words (including 7 LocalSpellingWords) and are highlighted below:
access   According   accounts   add   address   administrator   against   all   Also   an   and   Apache   apache   Apache2   appropriate   archive   are   as   As   assume   at   At   auth   Auth   Authenticating   Authentication   authentication   Authoritative   auto   Auto   autocreate   automatically   avoid   aware   Back   based   Basic   be   Because   Before   below   bottom   broken   browsers   built   by   can   centralized   changing   checkbox   checkboxes   com   Company   completion   conf   config   configuration   Configuration   Configuring   Congratulations   Contents   Controller   copy   corporate   created   Customize   customize   desktop   developed   development   diagnose   dialog   dialogues   did   directives   disable   disabled   dist   document   doesn   domain   Domain   down   Download   downloading   due   easy   Edit   editor   email   Email   enforced   enter   environment   environments   even   every   everyone   example   expanding   explicitly   fields   file   Files   fill   firefox   folder   followed   following   For   for   form   Fortunately   found   friendly   from   further   general   Generally   generally   gknw   great   greater   Group   handling   has   have   help   Help   here   how   Http   http   httpd   if   If   import   in   In   include   including   information   install   Install   installation   installing   Installing   installs   instead   instructions   Internal   into   Ioffer   irrelevant   is   it   last   later   license   like   line   link   links   Linux   load   Load   located   Location   Logging   logical   Login   login   logout   longer   make   Master   may   method   methods   mod   modifications   modify   Module   module   modules   more   most   mozilla   much   mywiki   name   Name   neat   need   no   normal   not   note   Note   Now   now   obsolete   Of   of   off   Offer   old   Older   Omit   On   on   once   Only   open   Optionally   or   org   our   Pad   page   password   password2   Patch   patch   perhaps   please   plugin   point   preference   preferences   Preferences   Preferred   preferred   presumably   primarily   proceeding   process   Program   py   re   recommended   relevant   reliably   remove   Remove   Require   require   Requirements   requires   requiring   restrictions   reverse   right   root   running   sadly   same   samples   Scroll   scroll   section   see   See   series   Server   server   session   set   setting   show   shows   since   snippet   so   something   sometimes   sspi   step   successfully   such   superuser   sure   System   systems   Table   take   tells   test   tested   Text   text   textpad   that   The   the   their   them   there   These   these   thing   this   This   three   through   to   top   towards   True   try   two   Type   under   unix   Unix   unlike   Unzip   up   use   Use   user   User   username   users   Using   using   usually   valid   ve   version   versions   want   was   way   we   well   went   what   where   Wiki   wiki   wikiconfig   will   Win   win32   Win32   Win98   Windows   With   with   without   work   working   works   wouldn   wrong   www   xx   you   your   yourself   zip  

Clear message
Page Locked

HelpOnInstalling / ApacheOnWin32withDomainAuthentication

1. Authenticating against Windows-Domain using SSPI

Contents

  1. Authenticating against Windows-Domain using SSPI
    1. System Requirements
    2. Installing & Configuring
      1. Download & Install mod_auth_sspi
      2. Apache Configuration
      3. Wiki Configuration
      4. Customize user preferences
      5. Auto-email completion
    3. Logging in

For running moin in corporate environment access restrictions has to be enforced reliably. Generally, in these environments, centralized domain authentication is the preferred method. Fortunately, this is easy to set up with moin 1.5 with the help of the SSPI-plugin for Apache. This document will take you through the step-by-step for setting this up.

1.1. System Requirements

note: Older versions of Windows is not recommended (including Win98, WinME, perhaps even WinNT) due to their obsolete process-handling methods.

1.2. Installing & Configuring

The following section is broken into:

1.2.1. Download & Install mod_auth_sspi

Before proceeding, make sure that you have a working and tested MoinMoin installation. The last thing you want is to install it all at once, have something not working, and try to reverse-diagnose what went wrong and where.

Download SSPI

  1. http://www.gknw.at/development/apache/httpd-2.0/win32/modules/

    • Download the version that's appropriate to your server. For example, the file mod_auth_sspi-1.0.4-2.0.58.zip is SSPI version 1.0.4 built against Apache version 2.0.58.

  2. Unzip the sspi file, copy the mod_auth_sspi.so file into the Apache modules folder (generally located here: c:\Program Files\Apache Group\Apache2\modules\

1.2.2. Apache Configuration

Edit your http.conf file (usually found in c:\Program Files\Apache Group\Apache2\conf\). Use an appropriate text editor (such as TextPad), avoid using NotePad.

Scroll down to the LoadModule section, and add the line at the bottom of this section (this tells Apache to load the mod_auth_sspi.so module): 

    LoadModule sspi_auth_module modules/mod_auth_sspi.so

Now, scroll down to the bottom of the http.conf file, and add the following: 

#
## Domain authentication using mod_auth_sspi.so
#
<IfModule !mod_auth_sspi.c>
    LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>
# Change /mywiki in the line below to match what you have in the separate ScriptAlias line.
# If you explicitly followed the directions on ApacheOnWin32, this will be /mywiki
<Location /mywiki>
AuthType SSPI
AuthName "Company Internal Wiki - Login using your DOMAIN username and password"
Require valid-user
SSPIAuth On
SSPIAuthoritative On
# replace the IP address below with the IP of your domain controller:
SSPIDomain 192.168.1.15
SSPIOmitDomain On
SSPIOfferBasic On
SSPIBasicPreferred On
SSPIofferSSPI off
</Location>

1.2.3. Wiki Configuration

Now you will need to modify your Moin configuration so that user accounts are automatically created based on their domain authentication. Using an appropriate text editor, open the wikiconfig.py configuration file in the root of your moin install (if you followed the instructions on HelpOnInstalling/ApacheOnWin32 explicitly, this file will be here C:\Moin\mywiki\wikiconfig.py). 

    ## Domain Authentication using mod_auth_sspi.so
    from MoinMoin.auth.http import http
    from MoinMoin.auth import moin_session
    auth = [http, moin_session]
    user_autocreate = True

At this point, test your wiki and make sure you can successfully login (see the Logging in section below). Congratulations if all is well!

Optionally, you may want to add further modifications now that you are successfully using domain authentication. These directives remove links and fields that are no longer relevant with domain authentication. Back in the wikiconfig.py add following in the User Preferences section: 

    # Remove the 'logout' link at the top of every page, since it no longer works with domain authentication:
    show_login = 0
    #
    # Remove irrelevant fields from the user preferences:
    user_form_remove = ['password', 'password2', 'logout',]
    #
    # Remove irrelevant checkboxes from the user preferences (disable at Domain Server instead):
    user_checkbox_remove = [ 'disabled', ]

1.2.4. Customize user preferences

As administrator (you did add yourself as superuser in wikiconfig.py, right?! ;-) ), you will want to customize the user preferences dialogues, since most of them is no longer relevant.

In the dist archive under wiki/config/more_samples is a config snippet that shows how to customize user preferences, please see there!

1.2.5. Auto-email completion

Because we're on a domain (and presumably everyone has the same email domain), wouldn't it be neat to auto-fill in the email address for our users?

See MoinMoinPatch/HttpAuthAutoEmail for a patch!

1.3. Logging in

With normal browsers like mozilla or firefox you have to enter 'domain\username' as username and your password. Only IE shows a dialog with three fields (sometimes) instead of two: name, domain, password.