[Samba] automatically authenticate domain logged-on users in apache with AD/NTDOM?

Andrew Bartlett abartlet at samba.org
Mon Oct 25 12:03:09 GMT 2004


On Sat, 2004-10-23 at 06:47, awilliam at whitemice.org wrote:
> > What I want is to skip the login prompt and instead authenticate using a
> > NTLM/Kerberos ticket...
> 
> Yes.
> 
> > > > What is happening between the web server & the web client? Is the
> > > > protocol open or reverse engineered? Can this authentication be done
> > > > using apache @ unix (perhaps by apache interacting with samba somehow)?
> > > On the server side - yes, even current versions of SASL support NTLM.
> > Hmm, but there's no mod_sasl around, so I don't see how that will help?
> 
> No, you don't use SASL for apache, but you might for Cyrus, etc...
> 
> Squid has its own NTLM support; several mechanisms exist for doing NTLM
> or GSSAPI via apache.
> 
> http://modntlm.sourceforge.net/

Unfortunately mod_ntlm has problems, and the NTLMSSP it implements is
quite basic.  As such, I've brought mod_ntlm_winbindd up to scratch
(which now uses Samba's ntlm_auth, like Squid does):

http://dp.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/

That is for Apache 1.3, and someday I'll get some time to write an
apache2 version.  Such a task would start with http://source.grep.no/
but if you look at mod_ntlm_winbind, you can see that a lot of stuff can
be cleaned out.

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at samba.org
Authentication Developer, Samba Team            http://samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net