httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Pass-through LDAP authentication with Internet Explorer and Active Directory
Date Tue, 16 Sep 2008 20:51:41 GMT
André Warnier wrote:
> Eric Covener wrote:
>>>> So, it looks like I need mod_setenvif, right?  Could anybody write a 
>>>> quick
>>>> directive that would look at REMOTE_USER to see if there is a backslash
>>>> ("\"), and if there is, set the same variable to everything 
>>>> following the
>>>> backslash?  I think this would solve my problem.  I would rather use
>>>> mod_authnz_ldap that  mod_auth_sspi as it is included with Apache 
>>>> and is
>>>> well-supported.
>>
>> The authentication/authorization modules don't read from the
>> REMOTE_USER environment variable.
>>
> Party pooper !
> 
Clayton,
I kind of get a feeling that Eric is right though, because a) he usually 
seems to know his stuff, and b) that would not be very secure, to say 
the least.
That would mean that we are back to try and figure out what exactly 
happens between IE and the server, and it what circumstances exactly IE 
sends this domain\user-id thing.

But maybe Eric can help there ?
Eric, what kind of "401" does mod_authnz_ldap send to the browser when 
it needs authentication ? Basic ?
Then I can't quite imagine Clayton's scheme working, because IE would 
never of its own device send the user's password (I don't even think it 
knows it).



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message