httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Trent Nelson" <tnel...@onresolve.com>
Subject RE: Integrated Authentication
Date Wed, 12 Apr 2006 21:11:17 GMT

You're after NTLM support.  There's a module floating around out there
named 'mod_auth_sspi' that does this, although it can be a bit hard to
track down (see
http://www.gknw.at/development/apache/httpd-2.0/win32/modules/).

Once loaded, set up a directive like this:

<IfModule mod_auth_sspi.c>
    Alias /foo "C:/bar/foo"
    <Location /foo-auth>
        AuthName "Please Enter Your Logon Details"
        AuthType SSPI
        SSPIAuth On
        SSPIAuthoritative On
        SSPIOfferBasic On
        SSPIBasicPreferred Off
        require valid-user
    </Location>
</IfModule>

By default, if the user uses IE, it'll automatically pick their details
up without requiring them to log in.  If they're using Firefox or some
other browser that doesn't support NTLM, they'll have to log in manually
with their Windows domain credentials.

I've only ever used this from a Perl handler, so I'm not entirely sure
what exactly in the request that it sets (perhaps someone could
clarify?), but from the Perl handler, the login name was accessible from
$r->user().  Note that the format includes the domain as well, i.e.
'LIME\tnelson'.

Actually, I'd be interested to hear if anyone used this in conjunction
with mod_jk, such that the user's Windows domain login name was
available by the time it got to a servlet via
request.getUserPrincipalName() or something.  Anyone done that?  The
"Java" approach for enabling NTLM support w/ Tomcat directly seems
nasty.


	Trent.


________________________________

	From: Sergio Stateri [mailto:stateri@gmail.com] 
	Sent: 12 April 2006 21:37
	To: dev@httpd.apache.org
	Subject: Integrated Authentication
	
	

	   Hi,
	
	   Is there any way to do Apache HTTP Server recognize the users
of Operation System and put it in a System Variable, like IIS with
Integrated Authentication ? (IIS put Windows logged User in the
REMOTE_USER cgi variable).
	
	   thanks in advance for any help,
	
	   Sergio Stateri Jr.
	   stateri@gmail.com
	


Mime
View raw message