This module contains Gate One's authentication classes. They map to Gate One's --auth configuration option like so:
--auth=none | NullAuthHandler |
--auth=kerberos | KerberosAuthHandler |
--auth=google | GoogleAuthHandler |
--auth=pam | PAMAuthHandler |
Note
API authentication is handled inside of Gate One
By default Gate One will not authenticate users. This means that user sessions will be tied to their browser cookie and users will not be able to resume their sessions from another computer/browser. Most useful for situations where session persistence and logging aren't important.
All users will show up as ANONYMOUS using this authentication type.
Kerberos authentication utilizes GSSAPI for Single Sign-on (SSO) but will fall back to HTTP Basic authentication if GSSAPI auth fails. This authentication type can be integrated into any Kerberos infrastructure including Windows Active Directory.
It is great for both transparent authentication and being able to tie sessions and logs to specific users within your organization (compliance).
Note
The sso.py module itself has extensive documentation on this authentication type.
If you want persistent user sessions but don't care to run your own authentication infrastructure this authentication type is for you. Assuming, of course, that your Gate One server and clients will have access to the Internet.
Note
This authentication type is perfect if you're using Chromebooks (Chrome OS devices).
The base class for all Gate One authentication handlers.
Called immediately after a user authenticates successfully. Saves session information in the user's directory. Expects user to be a string containing the username or userPrincipalName. e.g. 'user@REALM' or just 'someuser'.
A handler for when no authentication method is chosen (i.e. --auth=none). With this handler all users will show up as "ANONYMOUS".
Google authentication handler using Tornado's built-in GoogleMixin (fairly boilerplate).
Handles authenticating users via Kerberos/GSSAPI/SSO.