httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Fabrizio Reale <fabrizio.re...@redomino.com>
Subject [users@httpd] Re: Use NTLM only when needed
Date Fri, 09 Nov 2007 10:17:18 GMT
Hi Christian,

> On Tue, Nov 06, 2007 at 10:41:57PM +0100, Fabrizio Reale wrote:
>> I have a web application (Plone) which has its own authentication, but in
>> an intranet I set up the NTLM authentication using the mod_ntlm module.
>> It works very well when I am using a windows PC, but when I use my Linux
>> desktop I must login using the ugly NTLM popup window.
>> I would rather prefer to use the standard login of the web application.
>> So if I can perform the NTLM authentication the system should
>> authomatically log me, but if not I would like to see the application as
>> an anonimous user.
>> 
>> Does any one know how to do that?

> I can think of a hack including mod_rewrite and possibly mod_security,
> but it means a potential breach of your security and is really
> complicated. Unless you absolutely have to (and "ugly popup" sounds
> annoying, but not really lethal) I would stick with the situation
> as is. If you really have to, then there are a lot of learning
> opportunities ahead. ;)

The ugly popup is shown before any page, so the user can not even know where
is going and it is not easy to write a password without viewing a page.

What hack do you suggest?

> However, I'd be happy to hear about Firefox on Linux being able to respond
> to NTLM by itself. Have not checked that in quite some time. And it
> would solve your problem too, I suppose.

No, because sometimes I am not in the intranet.

Thank you,
Fabrizio

-- 
Fabrizio Reale                               fabrizio.reale@redomino.com
Redomino S.r.l.                 Largo Valgioie 14 - 10146 Torino - Italy
Tel: +39 011 7499875 - Fax: +39 011 3716911    http://www.redomino.com/



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message