Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello monks,

I am writing a cgi script on IIS and in order to determine the user I want to set up a login that checks whether the user name and password provided can successfully log into the local NT Domain. Do you have any ideas as to how I can attempt to login to the domain in a perl script?

Thank you.

Replies are listed 'Best First'.
Re: Windows NT Authentication
by vroom (His Eminence) on Jul 03, 2002 at 18:23 UTC
    One way would be to change the directory security settings for that directory. Turn off anonymous access and turn on Windows Integrated Authentication.

    That will block access to anyone who doesn't have read permission to the files in that directory.

    You can find the domain\username they are using $query->remote_user with CGI.pm;

[reply]
Re: Windows NT Authentication
by amphiplex (Monk) on Jul 04, 2002 at 06:19 UTC
    I have done this once on a un*x host, using Authen::Smb.
    There are propably better ways if you are on a NT host, but anyway, some code: 
    use strict;
use Authen::Smb qw(NTV_NO_ERROR);
my $pdc = "primary";
my $bdc = undef;
my $nt_domain = "DOMAIN";
....
....
sub password_ok {
  my ($username, $password) = @_;
  my $r = {};
  my $authResult = Authen::Smb::authen ($username,$password, $pdc, $bd
+c, $nt_domain);

  if ($authResult == $Smb::Authen::NTV_NO_ERROR) {
    if ($r = $mondb->get_user_data($username)) {
      return $r;
    } else {
      return {error=>"user not authorized"};
    }
  } else {
    $l->log("E", "User [$username] not authenticated with error level 
+$authResult: $smb_errtext{$authResult}");
    return {error=>"user authentification error"};
  }
  return undef;
}

    [download]
    ---- kurt
[reply]
[d/l]

Back to Seekers of Perl Wisdom