mod_NTLM for apache 1.3
Anyone used this mod? My apache is sitting on a widnowsxp pro box serving intranet, I need to be able to capture their usernames as a variable from the headers as they connect for various scripts.
can the php global $server do this? or some other server variable?
The info for this mod is very limited, but I hear it can be done "somehow" lol
any ideas would be hot guys, im trying to port an entire asp/vbscript/win2kAS intranet to a php/apache/win2ak intranet.
Being able to obtain NT usernames would make this happen much more quickly.
Cheers
hags
"I ’ll make thee glorious by my pen, And famous by my sword." - James Graham, Marquess of Montrose (1612–1650)
mairving posted this at 02:18 — 6th November 2002.
They have: 2,256 posts
Joined: Feb 2001
I have not used it and it looks like it has reached the end of it's run with no further development. I did find this site with some useful information.
Mark Irving
I have a mind like a steel trap; it is rusty and illegal in 47 states
hagar posted this at 02:29 — 6th November 2002.
They have: 104 posts
Joined: Oct 2002
yeah that page is what ive used to install it, and i found the developers site, but it has FA details on its use other then securing directories through smoke and mirrors and .htaccess. God I hope I dont have to use LDAP or something else painful. lol
From what that link says, something in twiki is able to capture the username and compare it to the twiki username, but makes no mention of the how.
"I ’ll make thee glorious by my pen, And famous by my sword." - James Graham, Marquess of Montrose (1612–1650)
Mark Hensler posted this at 05:28 — 6th November 2002.
He has: 4,048 posts
Joined: Aug 2000
Not really. You can use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to get the user/pass when using HTTP Authentication. So, if your whole intranet site were to be protected by a Basic HTTP Authentication, you could get the info that way. But for a seemless solution, this wouldn't work.
You may be able to use $_SERVER['REMOTE_ADDR'] to lookup a table of clients. This would work best if your intranet had static IPs.
HTTP doesn't include enough information in the headers to identify anyone, even on a small LAN. You may be able to get a few pieces of usefull info from the TCP/IP headers (remote IP:port), but even that is limited. You'll probably need some mechanism that will query the remote machine for an ID.
Mark Hensler
If there is no answer on Google, then there is no question.
hagar posted this at 05:38 — 6th November 2002.
They have: 104 posts
Joined: Oct 2002
basic auth would just double my current workload of updating user info on the PDC, by making me then setup the same users and permissions on the web server.
We use DHCP so static IP's wont work, wouldnt work in static IP's if the user was on a different machine then normal(a usual occurence).
asp handles this seamlessly, i find it amazing that php cannot handle this security type, especially as it is installed in apache running on a windows box. Why create a windows version if there is no ability to take advantage of the operating system.
There seems little point of using apache/php in a windows environment at all, if they cant utilize the simplest security functions of the network.
I was really hoping to be able to showcase this and use it as a method of introducing open source into my work environment. So far that looks like an unlikely event.
"I ’ll make thee glorious by my pen, And famous by my sword." - James Graham, Marquess of Montrose (1612–1650)
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.