[Samba] automatically authenticate domain logged-on users in
apache with AD/NTDOM?
Palle Girgensohn
girgen at pingpong.net
Fri Oct 22 22:07:29 GMT 2004
Thanks a lot for these links!
Best regards,
Palle
--On fredag 22 oktober 2004 16.47 -0400 awilliam at whitemice.org wrote:
>> What I want is to skip the login prompt and instead authenticate using a
>> NTLM/Kerberos ticket...
>
> Yes.
>
>> > > What is happening between the web server & the web client? Is the
>> > > protocol open or reverse engineered? Can this authentication be done
>> > > using apache @ unix (perhaps by apache interacting with samba
>> > > somehow)?
>> > On the server side - yes, even current versions of SASL support NTLM.
>> Hmm, but there's no mod_sasl around, so I don't see how that will help?
>
> No, you don't use SASL for apache, but you might for Cyrus, etc...
>
> Squid has it's own NTLM support, several mechanism exist for doing NTLM
> or GSSAPI via apache.
>
> http://modntlm.sourceforge.net/
> http://modauthkerb.sourceforge.net/configure.html
>
>> > > Any ideas or links to more info about this would be much appreciated.
>> > On the UNIX/LINUX client side I think your stuck; nothing I've found
>> > supports it. If you in an AD domain or Kerberos environment you can
>> > probably do the same thing with GSSAPI.
>> This time I'm really not interested in unix client, only unix as server,
>> so this is OK, although someone here wrote about Mozillla handling at
>> least Kerberos...
>
> http://meta.cesnet.cz/cms/opencms/en/docs/software/devel/negotiate.html
More information about the samba
mailing list