[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?
Palle Girgensohn
girgen at pingpong.net
Fri Oct 22 20:21:54 GMT 2004
Hi!
--On Friday 22 October 2004 14.21 -0400 Adam Tauno Williams <adam at morrison-ind.com> wrote:
>> I don't use MS products at all, so I have very little knowledge with
>> them, but I believe Microsoft has a protocol where Internet Explorer
>> can automatically authenticate against an IIS server, and given that
>> the server and client are on the same NT domain, and the client user is
>> logged in to that domain, the user is automatically logged in without
>> the need to give away the password one more time to the webserver.
>
> You're talking about NTLM.
I've done some more reading, and yes, I think that's what I'm talking
about. :) MS calls it "Integrated Windows authentication". See
<http://www.microsoft.com/resources/documentation/IIS/6/all/techref/en-us/iisRG_SEC_12.mspx>
What I want is to skip the login prompt and instead authenticate using an
NTLM/Kerberos ticket...
>> What is happening between the web server & the web client? Is the
>> protocol open or reverse engineered? Can this authentication be done
>> using apache @ unix (perhaps by apache interacting with samba somehow)?
>
> On the server side - yes, even current versions of SASL support NTLM.
Hmm, but there's no mod_sasl around, so I don't see how that will help?
>> Any ideas or links to more info about this would be much appreciated.
>
> On the UNIX/LINUX client side I think you're stuck; nothing I've found
> supports it. If you are in an AD domain or Kerberos environment you can
> probably do the same thing with GSSAPI.
This time I'm really not interested in unix client, only unix as server, so
this is OK, although someone here wrote about Mozilla handling at least
Kerberos...
Thanks for your input!
Palle