Cheers Justin,

Plenty of pointers there to have kept me going over the weekend. I still haven't come up with anything, although I'm leaning towards using Kerberos for the cross-platform support. I'm still stuck with the problem of furnishing the cgi.remote_user variable. From my understanding of what I've read to date, cgi.remote_user is only available if a cgi login script is used, which I believe will prompt the user to log in - this is precisely what I'm trying to avoid as the user is already being authenticated by way of the VPN login. I'm merely looking to use cgi.remote_user as an extension to my user identifier and thus trigger application level rules and policies. In Windows this is all very transparent where basically IIS detects the user's network login and provides the cgi.remote_user variable without need for further login at the web site.

I may need to revert to an older tried and tested login script with "remember me" functionality that I've used in the past, which merely uses cfid, cftoken value pairs - not the most reliable identifiers, I know.

Dave

-----Original Message-----
From: Justin MacCarthy [mailto:[EMAIL PROTECTED]]
Sent: 13 December 2002 12:13
To: CF-Linux
Subject: RE: What are the alternatives to NT authentication?

Hi Dave,

First look at using JAAS (at java.sun.com). This will give you a common API that can use practically any authentication source.

You can set up Linux to use a few different authentication methods using PAM - "Pluggable Authentication Module". This feature is usually installed in the normal server installation, but set to use the usual passwd file (shadowed etc.) by default.

Windows & Linux (and I believe Apache - anyone done it?) support authentication via Kerberos which is basically LDAP. Windows calls it Active Directory. One issue here, I believe you can't do SSL LDAP queries on Linux/mx at the moment (Jesse?)

As for web site authentication, in Apache you can use the .htaccess file to auth. users ...

Justin - no Linux expert :-)

> -----Original Message-----
> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
> Sent: 13 December 2002 09:54
> To: CF-Linux
> Subject: What are the alternatives to NT authentication?
>
> Hi all,
>
> My applications are designed to make use of the Windows network login id
> via cgi.remote_user on a Windows VPN. I was wondering if anybody knew how
> I'd go about porting this feature over to a Linux platform? What
> authentication options are available to me?
>
> The VPN infrastructure is still in the planning stages so I will have the
> option of looking into other authentication server platforms.
> The actual authentication merely authenticates the user to the VPN network
> (preferably using their existing network login credentials) from a variety
> of remote branch networks (presumably Windows networks, mostly) to allow
> the user access to our suite of tools. The rules and policies are handled
> by the CF application itself, which merely requires the cgi.remote_user
> variable for db lookup purposes. I'm wondering if Kerberos may be the way
> to go as (to the best of my knowledge) it is supported by both Windows and
> Linux platforms, or perhaps I can stick with using NT authentication for
> the VPN and have the NT account details available to my Linux boxes?
>
> Any thoughts much appreciated,
> Dave
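
Added example, not part of the original thread: because the application keys its db lookup on cgi.remote_user, a move from IIS with NT authentication to a Kerberos-backed server changes the form of that string (`DOMAIN\user` versus `user@REALM`). The Python sketch below maps both forms to one lookup key and ignores REMOTE_USER unless the server reports an authentication type; the realm map, user names and AUTH_TYPE values are constructed assumptions.

```python
import re

# Constructed mapping from Kerberos realm / NT domain to the domain label
# used in the application's user table (assumption for illustration).
TRUSTED_REALMS = {"EXAMPLE.COM": "EXAMPLE", "EXAMPLE": "EXAMPLE"}
_USER_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def app_user_id(environ):
    """Return a canonical 'DOMAIN\\user' lookup key, or None if untrusted.

    Accepts 'DOMAIN\\user' (NT-style) and 'user@REALM' (Kerberos principal).
    """
    # REMOTE_USER only counts when the web server itself authenticated the
    # request; AUTH_TYPE is empty or absent on anonymous requests.
    if not environ.get("AUTH_TYPE"):
        return None
    raw = environ.get("REMOTE_USER", "").strip()
    if "\\" in raw:
        domain, _, user = raw.partition("\\")
    elif "@" in raw:
        user, _, domain = raw.rpartition("@")
    else:
        return None  # a bare name is ambiguous across domains
    domain = TRUSTED_REALMS.get(domain.upper())
    if domain is None or not _USER_RE.match(user):
        return None  # unknown realm or unexpected characters
    return f"{domain}\\{user.lower()}"


if __name__ == "__main__":
    # Constructed CGI environments, one per case.
    samples = [
        {"AUTH_TYPE": "NTLM", "REMOTE_USER": "EXAMPLE\\JSmith"},
        {"AUTH_TYPE": "Negotiate", "REMOTE_USER": "jsmith@EXAMPLE.COM"},
        {"REMOTE_USER": "EXAMPLE\\jsmith"},  # no AUTH_TYPE
        {"AUTH_TYPE": "Basic", "REMOTE_USER": "jsmith@OTHER.ORG"},
    ]
    for env in samples:
        print(env, "->", app_user_id(env))
```
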
