httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eddy.COLL...@cec.eu.int
Subject RE: [users@httpd] Serving according to NTFS permissions
Date Thu, 24 Apr 2003 13:04:00 GMT
William A. Rowe, Jr. [wrowe@rowe-clan.net] wrote :

>At 04:45 AM 4/16/2003, Eddy.COLLART@cec.eu.int wrote:
>
>>2. I was wondering if the NTLM authentication might be more 
>>appropriate, but I still can't figure how security would be enforced at 
>>a document level, except through some server side cgi that would 
>>fulfill requests and do the trick.
>
>IIUC, mod_auth_sspi now lets you do user impersonation on Win32.
>
>http://www.syneapps.com/software/mod_auth_sspi/
>
>The module compiled for 2.0.42-.43 should load on any later version of 2.0,
but it appears Tim is 
>busy with other things.  I encourage you to try it though.

Hi, I knew the module already, and I went through most of its doc but I
couldn't find anything about user impersonation...

Roughly, it can be used to authenticate but that will result in authorizing
or denying access to a resource directory. I was wondering if beyond the
directory access control there might be something to check that the
credentials passed are to be given access to each document. Using the NTLM
or LDAP auth methods seemed the easiest way for me.

Right now, the Quick and Dirty (TM) solution that I think of is having a
page in a LDAP/NTLM (pick one) directory that has an IFRAME tag pointing to
a shared folder on a server...
That kind of does the work, but I thought of moving to SSL for the
confidential documents directories, and obviously, since I'm just running an
explorer on a share, that is not feasible (and FYI, MS Encrypted FS decrypts
before sending, piece of crap).

Have I missed something ? Any other suggestion... Other than writing a
"PER_NTLM_USER_MPM" ;-)

Thanks

ECB

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message