I have a web application that requires users to log in. I want to authenticate them on the company's Active Directory domain.
I have a working mechanism where I can require credentials using HTTP Basic authentication, and then use Python's ldap.sasl package to create an MD5 digest and pass that to the AD server for authentication.
The problem with HTTP Basic is that for a time, my application code will possess a cleartext password - I'm a trustworthy guy, of course, but this won't fly with the security team.
I could require HTTPS Digest Authentication from the browser, but I can't re-use that MD5 digest for authenticating with Active Directory (or can I?).
Does some client-side (JavaScript) logic exist out there that lets me generate an MD5 digest that I can pass directly to Active Directory?