httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tod <>
Subject [users@httpd] Apache SSO using NTLM, LDAP ?
Date Fri, 18 Apr 2008 18:23:09 GMT
This has to be a frequently requested feature.  There seems to be so 
much written and done with it over the years that I wonder if some sort 
of standard process has emerged.

I have an apache2 web server and the need to seamlessly (hence SSO in 
title) authenticate and pass through IE6 clients.  mod_ntlm seems to fit 
the bill but now there is a more recent mod_auth_sspi that I wonder 
isn't more feasible.

I'm going to have a population of about 10K users hitting the web server 
  which translates into a lot of hits/second.  The web site I'm working 
on is not proxied and is not optimized for performance.  Its the 
hardware's brute force that is keeping things running smoothly, in my 

I'd like to avoid injecting a performance problem, especially during 
authentication, that could add up to a lot of unsatisfied users in a 
very short period of time.

I also have the option (which I prefer) of using an LDAP directory to 
accomplish the authentication but the requirement of pass through 
authentication for IE still exists, as well as the performance hurdle.

So my questions are:

- Is mod_ntlm able to fit the bill and not incur a huge performance hit?
- Would mod_auth_sspi be a better solution using the same requirements?
- Is there a way I can authenticate users seamlessly using mod_auth_ldap?
- Is there maybe another solution, either apache mod or otherwise, 
someone can suggest that will fit the bill?

Thanks in advance!

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message