开发者

login on site without password and user name use user form active directory domain

开发者 https://www.devze.com 2023-03-29 02:11 出处:网络
I have a question. I have a site on apache2.2. I need provide th开发者_运维技巧is feature for client.

I have a question. I have a site on apache2.2. I need provide th开发者_运维技巧is feature for client. When user which in active directory domain open the site that user must be login automatically.

Really i don't know how to do this stuff. Please help me. So if user in domain that this user must be login automatically and his nickname must be same as nickname in active directory. domain


It actually is possible with NTLM authentication. You need the AuthenNTLM-plugin, which will authenticate a user using the Internet Explorer. An example syntax would be

<Location />
    PerlAuthenHandler Apache::AuthenNTLM 
    AuthType ntlm,basic
    AuthName test
    require valid-user

    #                    domain             pdc                bdc
    PerlAddVar ntdomain "name_domain1   name_of_pdc1"
    PerlAddVar ntdomain "other_domain   pdc_for_domain    bdc_for_domain"

    PerlSetVar defaultdomain wingr1
    PerlSetVar ntlmdebug 1
</Location>
## taken from the documentation

Please refer to the module documentation for more options and specific instructions on the setup - the above should get you started in the right direction.

On the client side, Internet Explorer and Firefox should be able to login automatically after some configuration (Firefox needing a bit of special care - which may be achieved by setting the configuration variables during deployment).


It can be done using Kerberos tickets. Apache has a module http://modauthkerb.sourceforge.net/

I suggest you to begin with reading how Kerberos works before jumping into module docs.

There's 2 prerequisites:

  • the site domain must be listed as local intranet on browser
  • you need to generate a key on AD server


You can't do this. Unless you're on an ancient Windows95-era Internet Explorer, which had the marvelously secure feature of sending your windows username/password to any site that was password protected, regardless of where that site was.

Browsers are NOT going to send your windows credentials automatically, and other than probably IE, no browser is going to have access to those credentials either.

0

精彩评论

暂无评论...
验证码 换一张
取 消