[Samba] automatically authenticate domain logged-on users in
apache with AD/NTDOM?
awilliam at whitemice.org
awilliam at whitemice.org
Fri Oct 22 20:47:38 GMT 2004
> What I want is to skip the login prompt and instead authenticate using a
> NTLM/Kerberos ticket...
Yes.
> > > What is happening between the web server & the web client? Is the
> > > protocol open or reverse engineered? Can this authentication be done
> > > using apache @ unix (perhaps by apache interacting with samba somehow)?
> > On the server side - yes, even current versions of SASL support NTLM.
> Hmm, but there's no mod_sasl around, so I don't see how that will help?
No, you don't use SASL for apache, but you might for Cyrus, etc...
Squid has it's own NTLM support, several mechanism exist for doing NTLM
or GSSAPI via apache.
http://modntlm.sourceforge.net/
http://modauthkerb.sourceforge.net/configure.html
> > > Any ideas or links to more info about this would be much appreciated.
> > On the UNIX/LINUX client side I think your stuck; nothing I've found
> > supports it. If you in an AD domain or Kerberos environment you can
> > probably do the same thing with GSSAPI.
> This time I'm really not interested in unix client, only unix as server, so
> this is OK, although someone here wrote about Mozillla handling at least
> Kerberos...
http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html
More information about the samba
mailing list