[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?

Palle Girgensohn girgen at pingpong.net
Fri Oct 22 20:21:54 GMT 2004


--On fredag 22 oktober 2004 14.21 -0400 Adam Tauno Williams 
<adam at morrison-ind.com> wrote:

>> I don't use MS products at all, so I have very little knowledge with
>> them,  but I believe Microsoft has as protocol where Internet Explorer
>> can  automatically authenticate against an IIS server, and given that
>> the server  and client are on the same NT domain, and the client user is
>> logged in to  that domain, the user is automatically logged in without
>> the need to give  away the password one more time to the webserver.
> You're talking about NTLM.

I've done some more reading, and yes, I think that's what I'm talking 
about. :)  MS calls it "Integrated Windows authentication". See 

What I want is to skip the login prompt and instead authenticate using a 
NTLM/Kerberos ticket...

>> What is happening between the web server & the web client? Is the
>> protocol  open or reverse engineered? Can this authentication be done
>> using apache @  unix (perhaps by apache interacting with samba somehow)?
> On the server side - yes, even current versions of SASL support NTLM.

Hmm, but there's no mod_sasl around, so I don't see how that will help?

>> Any ideas or links to more info about this would be much appreciated.
> On the UNIX/LINUX client side I think your stuck;  nothing I've found
> supports it.  If you in an AD domain or Kerberos environment you can
> probably do the same thing with GSSAPI.

This time I'm really not interested in unix client, only unix as server, so 
this is OK, although someone here wrote about Mozillla handling at least 

Thanks for your input!


More information about the samba mailing list