04-15-2020, 09:39 PM
There are a couple of built-in modules to authenticate. The only real one we have detailed documentation for alternate authentication can be found here:
http://community.southpawtech.com/docs/s...directory/
It is for Active Directory. However, the important line is:
<security>
...
<authenticate_class>tactic.active_directory.ADAuthenticate</authenticate_class>
...
</security>
Basically, this points the authentication to use a custom (or different) handler from the default. The default handler is:
pyasm.security.TacticAuthenticate
This is found in "src/pyasm.security.authenticate.py". In this file there is also another class called "LDapAuthenticate" which is what we have used to authenticate against an LDAP service. It is very simple. You just have to override a single function. Of course you can derive off of the Authenticate class and create your own. Many sites have done this.
The file you refer to: "src/pyasm/security/ldap_ad_authenticate.py" is yet another authenticate mechanism and it issued specifically to authenticate against Active Directory using the LDAP protocol, something AD does support and is the only real way to authenticate a Linux install of TACTIC against AD.
http://community.southpawtech.com/docs/s...directory/
It is for Active Directory. However, the important line is:
<security>
...
<authenticate_class>tactic.active_directory.ADAuthenticate</authenticate_class>
...
</security>
Basically, this points the authentication to use a custom (or different) handler from the default. The default handler is:
pyasm.security.TacticAuthenticate
This is found in "src/pyasm.security.authenticate.py". In this file there is also another class called "LDapAuthenticate" which is what we have used to authenticate against an LDAP service. It is very simple. You just have to override a single function. Of course you can derive off of the Authenticate class and create your own. Many sites have done this.
The file you refer to: "src/pyasm/security/ldap_ad_authenticate.py" is yet another authenticate mechanism and it issued specifically to authenticate against Active Directory using the LDAP protocol, something AD does support and is the only real way to authenticate a Linux install of TACTIC against AD.