Transparent Authentication with Apache and NT Authentication?

    Date: 06/16/05 (Apache)    Keywords: php, html, web, linux, apache

    Hey all! I'm a newbie with .htaccess and authentication, and I'm trying to set up some transparent authentication on an Win 32 web Server.

    It's like this: We have an intranet and we wish to protect our precious admin pages. I have the folder protected with an .htacess file that references a user/pass file, (Everything works just fine this way,) but we would like to modify it as follows:

    We are using Apache 2.0.53 and using the module mod_auth_sspi.so for NT authenticaion. This module let's us capture the NT usernames in an environment variable. (Which makes it convenient for saying "hi" to people through our PHP CGI's.) What we would like to do is restrict access to the admin folder without having any of the administrators enter a user and pass everytime they a'wander to an admin page. So basically,

    - how can we get .htaccess to reference the environment variable for the username? (I'm assuming that's a possibility.)

    - How can we set it up so that it doesn't ask for a user/pass, but rather just blocks out non-admins? (If that's even possible!)

    One way that we have tried to do this already is by using the mod_ntml module, which would give us the ability to perform transparent authentication, but unfortunately the only available binary of this module is only compatible with Apache 1.3. If you try using it with 2.0, the server won't restart. There is a mod_ntml available for Apache 2.0, but it's only an uncompiled linux version. (At least the only ones I've found have been.) What I need is either another way of setting up this transparent authenticaion, or I need to get my hands on a binary version of mod_ntml 2.0 for Win 32. (Still scouring the internet, and have e-mailed someone at Sourceforge.net.)

    My .htaccess file is very basic, since I'm new to this. Here it is:

    authtype Basic
    authname "OUR_INTRANET"
    authuserfile /html/auth/qausers.pas

    Order allow,deny
    allow from none
    require valid-user
    satisfy any

    Thanks everybody!

    Source: http://www.livejournal.com/community/apache/21451.html

« OT: ProFTPD Community || Redirect confusion »
Search  •  Site Map  •  Set as Homepage  •  Add to Favourites  • 
antivirus | apache | asp | blogging | browser | bugtracking | cms | crm | css | database | ebay | ecommerce | google | hosting | html | java | jsp | linux | microsoft | mysql | offshore | offshoring | oscommerce | php | postgresql | programming | rss | security | seo | shopping | software | spam | spyware | sql | technology | templates | tracker | virus | web | xml | yahoo | home