Re: NT Authentication - CGI as valid NT domain account

One way to achieve this is to use a Module for Apache, so each time Apache receives a request it will authenticate the user with the Domain and then make the user’s name available to your script in $ENV{REMOTE_USER} variable.

There are 2 modules that I know of. One is for Apache 1 (mod_ntlm) and the other is for Apache 2 (mod_sspi).

I have never used mod_ntlm, however use mod_sspi and Apache 2 in many cases with great success.

I believe that there are also some perl modules that you can use under mod_perl but I have never used any of them.

Hope this gives you some pointers.

Alistair

Comment on Re: NT Authentication - CGI as valid NT domain account

Replies are listed 'Best First'.
Re^2: NT Authentication - CGI as valid NT domain account by emilford (Friar) on Aug 12, 2004 at 14:30 UTC
We're running Apache 2, so I've found mod_sspi. A few more tweaks need to be made so everything is configured correctlyl, but I'm fairly confident this will work fine. My problem now is getting the CGI script to run as the logged in user. On an NT box, under which user will the script run? If it is not as the logged in user, how would I go about changing this? I've seen many options for Unix, but Windows is a different beast. Thanks for your suggestions.	[reply]
Re^2: NT Authentication - CGI as valid NT domain account by allyc (Scribe) on Aug 12, 2004 at 15:07 UTC
I have never needed to get the scripts executed as the logged on user. I tend to run apache with an account that has the correct permissions for what I require. If I need the scripts to access more resources, I then grant it to the account. You might be able to use SUSExec but I have never used it, and I believe that it can cause security issues. Alistair	[reply]