#11 Install on fileservers: ask domain, user and pass at startup

Status: closed
Owner: nobody
Labels: None
Priority: 5
Updated: 2009-02-24
Created: 2007-02-01
Creator: bergonz
Private: No

I am deploying an installation on a central file server, because I want to run NTLMAPS on many PCs, where I want to have minimal configuration. Also I do not want people to store passwords in files, local or on the server. We are in a multidomain environment.

Therefore I changed the source in order to have it ask the complete set of credentials at startup. The changes are somehow verbose but very, very simple, so I hope they will be incorporated in future versions.

- In config_affairs.py, change lines 74-75 to read:

    if not conf['NTLM_AUTH'].has_key('NT_DOMAIN'):
        conf['NTLM_AUTH']['NT_DOMAIN'] = ''

- In server.py, change lines 36-45 to read:

    if not self.config['NTLM_AUTH']['NT_DOMAIN']:
        tries = 3
        print '------------------------'
        while tries and (not self.config['NTLM_AUTH']['NT_DOMAIN']):
            tries = tries - 1
            sys.stdout.write('Your NT domain to be used: ')
            self.config['NTLM_AUTH']['NT_DOMAIN'] = sys.stdin.readline()[:-1]
    if not self.config['NTLM_AUTH']['NT_DOMAIN']:
        print 'Sorry. NT_DOMAIN is required, bye.'
        sys.exit(1)

    if not self.config['NTLM_AUTH']['USER']:
        tries = 3
        print '------------------------'
        while tries and (not self.config['NTLM_AUTH']['USER']):
            tries = tries - 1
            sys.stdout.write('Your username to be used: ')
            self.config['NTLM_AUTH']['USER'] = sys.stdin.readline()[:-1]
    if not self.config['NTLM_AUTH']['USER']:
        print 'Sorry. USER is required, bye.'
        sys.exit(1)

    if not self.config['NTLM_AUTH']['PASSWORD']:
        tries = 3
        print '------------------------'
        while tries and (not self.config['NTLM_AUTH']['PASSWORD']):
            tries = tries - 1
            self.config['NTLM_AUTH']['PASSWORD'] = getpass.getpass('Your password to be used: ')
    if not self.config['NTLM_AUTH']['PASSWORD']:
        print 'Sorry. PASSWORD is required, bye.'
        sys.exit(1)

(you will notice the shameless copy&paste among the three parameters)

Also, in order to avoid installing the python interpreter in all the PCs, I used py2exe in order to deliver an executable, that can be executed directly from the file server. This is the setup.py that I used:

    from distutils.core import setup
    import py2exe

    setup(
        console=['main.py'],
        package_dir={'': 'lib'},
        py_modules=[
            'config',
            'config_affairs',
            'server',
            'logger',
            'monitor_upstream',
            'ntlm_procs',
            'proxy_client',
            'www_client',
            'basic_auth',
            'des',
            'des_data',
            'md4',
            'http_header',
            'ntlm_auth',
            'utils',
            'U32',
            'des_c',
            'ntlm_messages',
        ]
    )

You can execute "c:\whatever\python setup.py py2exe" and it will create a "main.exe" in the dist subdirectory. I suggest you incorporate the changes, the file and the command suggestion in the next version. If you want to do that, you have explicit permission to do that without any copyright problems, and if you want a formal renounce just tell.

Best regards,
Bergonz
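
The three prompt blocks from the post above, folded into one table-driven helper. This is an added example, not code from the original post or from NTLMAPS, and it targets Python 3 rather than the Python 2 of the post. The names FIELDS, read_line and fill_credentials are hypothetical, and the config dict in main() is constructed.

```python
import getpass
import sys

# Order and prompt text follow the post; the third field is read without echo.
FIELDS = (
    ("NT_DOMAIN", "Your NT domain to be used: ", False),
    ("USER", "Your username to be used: ", False),
    ("PASSWORD", "Your password to be used: ", True),
)


def read_line(prompt):
    """Echoing prompt; returns '' on EOF instead of raising."""
    sys.stdout.write(prompt)
    sys.stdout.flush()
    return sys.stdin.readline().rstrip("\r\n")


def fill_credentials(auth, tries=3, ask=read_line, ask_secret=getpass.getpass):
    """Fill empty NTLM_AUTH entries in place; return the first key still
    empty after `tries` attempts, or None when all three are set."""
    for key, prompt, secret in FIELDS:
        remaining = tries
        while remaining and not auth.get(key):
            remaining -= 1
            reader = ask_secret if secret else ask
            try:
                value = reader(prompt)
            except EOFError:  # getpass raises this when stdin is closed
                value = ""
            # Domain and user are trimmed; the password is kept as typed.
            auth[key] = value if secret else value.strip()
        if not auth.get(key):
            return key
    return None


def main():
    # Constructed config: a shared server.cfg that carries no credentials.
    conf = {"NTLM_AUTH": {"NT_DOMAIN": "", "USER": "", "PASSWORD": ""}}
    missing = fill_credentials(conf["NTLM_AUTH"])
    if missing:
        print("Sorry. %s is required, bye." % missing)
        sys.exit(1)
    print("Credentials for %s\\%s held in memory only." % (
        conf["NTLM_AUTH"]["NT_DOMAIN"], conf["NTLM_AUTH"]["USER"]))


if __name__ == "__main__":
    main()
```

Values already present in the config are never prompted for, so a PC with a local override still starts unattended.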

Discussion

  • Matt Domsch

    Matt Domsch - 2009-02-24
    • status: open --> closed
     
  • Matt Domsch

    Matt Domsch - 2009-02-24

    Look for ntlmaps version 1.0 to be released shortly (automatic tarball generated from current SVN tree has the changes already) which implements the py2exe change you suggest, and also implements a method to store the password in the file not as plaintext, but hashed. ntlmaps now also looks in a user's home directory for a ~/.ntlmaps.conf file, which if present, overrides the system's provided /etc/ntlmaps/server.cfg file. You can store per-user config settings, including the hashed passwords, there.

     