On Feb 19, 2:15 am, geraldcor <gregco...@gmail.com> wrote:
> All of your comments prompted me to start reverse engineering what
> django does and I came across the check_password method which just
> separates the algorithm, salt and hash and then sends it to the
> following method to compare the raw password to the hash password. So
> basically, in Ruby, I can do the same thing using a similar library
> and all will be good - I think. Does that sound reasonable?
It might work, but did you consider using a Single-Sign-On technique
like CAS: http://www.ja-sig.org/wiki/display/CASC/Ruby+on+Rails+CAS+Client
and http://code.google.com/p/django-cas/ ? This basically lets you
authenticate RoR apps through CAS and your CAS server is just a simple
django app. User profiles remain independent.
>
> Greg
>
> def get_hexdigest(algorithm, salt, raw_password):
>     """
>     Returns a string of the hexdigest of the given plaintext password and salt
>     using the given algorithm ('md5', 'sha1' or 'crypt').
>     """
>     raw_password, salt = smart_str(raw_password), smart_str(salt)
>     if algorithm == 'crypt':
>         try:
>             import crypt
>         except ImportError:
>             raise ValueError('"crypt" password algorithm not supported in this environment')
>         return crypt.crypt(raw_password, salt)
>
>     if algorithm == 'md5':
>         return md5_constructor(salt + raw_password).hexdigest()
>     elif algorithm == 'sha1':
>         return sha_constructor(salt + raw_password).hexdigest()
>     raise ValueError("Got unknown password algorithm type in password.")
>
>
> On Feb 18, 8:35 am, Alex Robbins <alexander.j.robb...@gmail.com>
> wrote:
>
> > You could have a secure url that the RoR apps redirect to if the user
> > isn't authenticated with Rails. That url would have the login_required
> > decorator. If they successfully login on the django side (or are
> > already logged in), then they get redirected with some sort of get
> > variable user id + hash combo. You could check the validity of the
> > user id from the hash (using a shared secret).
>
> > Alex
>
> > On Feb 17, 4:09 pm, geraldcor <gregco...@gmail.com> wrote:
>
> > > Hello all,
>
> > > Internally, we have some RoR apps and Django apps. Our main website
> > > runs on Django and is considered to be the main portal for all other
> > > apps. Currently, we have a Rails authentication system and a Django
> > > authentication system. We want to have one user table to authorize
> > > against.
>
> > > The only problem I see is that the password stored in auth_user is
> > > salted and hashed and impossible to get at because the salt is not
> > > saved. How can I use the django auth_user in Ruby On Rails?
>
> > > I have found this: http://docs.djangoproject.com/en/dev/howto/apache-auth/
> > > but I don't know if that will work on the ruby server. Both ror and
> > > django applications that we want to authenticate are on the same
> > > server and use the same db (except our main website which is on
> > > webfaction - but that's a different story I will tackle later -
> > > possibly replication?).
>
> > > So, anyone know how to a) access the raw string from auth_user or b)
> > > set up ruby (or other language and extrapolate) to properly interpret
> > > the password hash?
>
> > > Thanks for listening.
>
> > > Greg
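
A Ruby sketch of the approach Greg describes, added here as an example and not code from Django or from anyone in the thread: it splits the stored `auth_user.password` value into algorithm, salt and hash and recomputes the digest the way the quoted `get_hexdigest` does. It assumes the `algorithm$salt$hash` layout and covers only `md5` and `sha1`; `check_password`, `constant_time_equal?` and the sample value are constructed for illustration.

```ruby
require 'digest'

# Hash constructors for the two hex-digest algorithms named in the quoted
# get_hexdigest ('crypt' is left out of this sketch).
DIGESTS = { 'md5' => Digest::MD5, 'sha1' => Digest::SHA1 }.freeze

# Ruby counterpart of the quoted get_hexdigest: hexdigest of salt + password.
def get_hexdigest(algorithm, salt, raw_password)
  digest = DIGESTS[algorithm]
  raise ArgumentError, "unsupported password algorithm: #{algorithm.inspect}" unless digest
  digest.hexdigest(salt + raw_password)
end

# Compare two strings without stopping at the first differing byte.
def constant_time_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# stored is the auth_user.password column value, assumed "algorithm$salt$hash".
def check_password(raw_password, stored)
  algorithm, salt, hash = stored.to_s.split('$', 3)
  return false if hash.nil? || hash.empty? # malformed or unusable value
  constant_time_equal?(get_hexdigest(algorithm, salt, raw_password), hash)
rescue ArgumentError
  false # unknown algorithm: reject the login instead of raising
end

# Constructed sample column value (not taken from any real database).
SAMPLE_SALT = 'a1b2c'
SAMPLE_STORED = "sha1$#{SAMPLE_SALT}$#{Digest::SHA1.hexdigest(SAMPLE_SALT + 'correct horse')}"

if __FILE__ == $PROGRAM_NAME
  puts check_password('correct horse', SAMPLE_STORED)
  puts check_password('wrong guess', SAMPLE_STORED)
end
```
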
