I've successfully configured multiple auth backends with desktop.auth.backend.PamBackend and desktop.auth.backend.AllowFirstUserDjangoBackend, just to make sure I was configuring it correctly. But what I would really like is to incorporate desktop.auth.backend.SpnegoDjangoBackend as one of the auth methods. My goal is to allow users who have a krb5 ticket to get right in, but if the user does not have a ticket, they get password prompted to authenticate via PAM.
When I replace AllowFirstUserDjangoBackend with SpnegoDjangoBackend, if I have a ticket I get right in. If I do not have a ticket, rather than falling back to desktop.auth.backend.PamBackend, I get the message: "401 Unauthorized" in my browser.
I've tried it before PamBackend:
I've tried it after PamBackend:
both exhibited same behavior. My question is: is it possible to incorporate SpnegoDjangoBackend into a multiple auth backend scenario?