Implement authentication and user role based access. #331

Closed
nanotechz9l opened this issue Jan 26, 2017 · 1 comment
@nanotechz9l

Please implement user authentication, role based access and AD. Currently anyone that hits the page can see every scan result. This is no bueno on rtos.

@p-l-
Member

p-l- commented Jan 28, 2017

On the Web interface, authentication has to be implemented by properly configuring the Web server.

In an AD or Kerberos environment for example, Apache can be configured to provide SSO.

The web server will set the REMOTE_USER environment variable, which IVRE is able to use to create per-user filters that the user cannot override. The corresponding configuration options are WEB_DEFAULT_INIT_QUERY and INIT_QUERIES.

For example, if you want that:

  • by default, a user cannot access any result,
  • the user admin@SUBNETWORK.NETWORK.AD can access results in the SubNetwork category,
  • users in @ADMIN.NETWORK.AD can access any results,

just write the following in /etc/ivre.conf:

```python
WEB_DEFAULT_INIT_QUERY = 'noaccess'
WEB_INIT_QUERIES = {
    'admin@SUBNETWORK.NETWORK.AD': 'category:SubNetwork',
    '@ADMIN.NETWORK.AD': 'full',
}
```

IVRE cannot, as of today, use authorization information (group membership) in an AD or LDAP environment. But we do accept pull requests.

I hope this will help you. Feel free to re-open this issue!
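The lookup described in the comment above, as an added example that is not IVRE's own code: it resolves a per-user filter from the server-set REMOTE_USER and falls back to the default when nothing matches. The function name `resolve_init_query` and the resolution order (exact principal, then `@REALM` entry, then default) are assumptions inferred from the configuration example; the sample environments are constructed.

```python
# Illustrative sketch only; not taken from the IVRE code base.
# Values copied from the /etc/ivre.conf example in the comment above.
WEB_DEFAULT_INIT_QUERY = 'noaccess'
WEB_INIT_QUERIES = {
    'admin@SUBNETWORK.NETWORK.AD': 'category:SubNetwork',
    '@ADMIN.NETWORK.AD': 'full',
}


def resolve_init_query(environ, queries=WEB_INIT_QUERIES,
                       default=WEB_DEFAULT_INIT_QUERY):
    """Return the filter string for the authenticated user of a request.

    Assumed order: exact principal, then '@REALM' entry, then default.
    Only REMOTE_USER, which the web server sets after authentication, is
    read; request headers (HTTP_* keys in a CGI/WSGI environ) are ignored
    because the client controls them.
    """
    user = environ.get('REMOTE_USER')
    # No authenticated user, or a malformed principal with an empty name:
    # fail closed to the default instead of matching a realm key directly.
    if not user or user.startswith('@'):
        return default
    if user in queries:
        return queries[user]
    if '@' in user:
        realm = user[user.rindex('@'):]  # e.g. '@ADMIN.NETWORK.AD'
        if realm in queries:
            return queries[realm]
    return default


if __name__ == '__main__':
    # Constructed sample requests, not real log data.
    samples = [
        {'REMOTE_USER': 'admin@SUBNETWORK.NETWORK.AD'},
        {'REMOTE_USER': 'alice@ADMIN.NETWORK.AD'},
        {'REMOTE_USER': 'bob@SUBNETWORK.NETWORK.AD'},
        {'HTTP_REMOTE_USER': 'alice@ADMIN.NETWORK.AD'},  # header, not server-set
        {},                                              # unauthenticated
    ]
    for env in samples:
        print(env, '->', resolve_init_query(env))
```

With `WEB_DEFAULT_INIT_QUERY = 'noaccess'`, any principal that matches neither a user nor a realm entry sees no results, so access has to be granted explicitly.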
