Hi Dave,
Maybe one of the apache modules can auth against a NT domain? It is apache
you are using right?
...ah ... a quick google
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=apache+security+nt+do
main+module
got me this .... http://www.usenix.org/publications/login/1998-5/meek.html
Might be what you are looking for.
Justin
> -----Original Message-----
> From: Dave Wilson [mailto:[EMAIL PROTECTED]]
> Sent: 16 December 2002 13:27
> To: CF-Linux
> Subject: RE: What are the alternatives to NT authentication?
>
>
> Cheers Justin,
>
> Plenty of pointers there to have kept me going over the weekend. I still
> haven't come up with anything although I'm leaning towards using kerberos
> for the cross platform support. I'm still stuck with the problem of
> furnishing the cgi.remote_user variable. From my understanding of
> what I've
> read to date, cgi.remote_user is only available if a cgi login script is
> used, which I believe will prompt the user to log in - this is precisely
> what I'm trying to avoid as the user is already being authenticated by way
> of the vpn login. I'm merely looking to use cgi.remote_user as an
> extension
> to my user identifier and thus trigger application level rules
> and policies.
> In windows this is all very transparent where basically IIS detects the
> users network login and provides the cgi.remote_user variable without need
> for further login at the web site.
>
> I may need to revert to an older tried and tested login script with
> "remember me" functionality that I've used in the past, which merely uses
> cfid,cftoken value pairs - not the most reliable identifiers I know.
>
> Dave
>
> -----Original Message-----
> >From: Justin MacCarthy [mailto:[EMAIL PROTECTED]]
> Sent: 13 December 2002 12:13
> To: CF-Linux
> Subject: RE: What are the alternatives to NT authentication?
>
>
> Hi Dave,
>
> First look at using JAAS (at java.sun.com). This will give
> you a common API
> that can use practically any authentication source.
>
> You can set up linux to use a few different authentication methods using
> PAM - "pluggable Authentication Module". This feature is usually installed
> in the normal server installation, but set to use the usual passwd file
> (shadowed etc.) by default.
>
> Windows & linux (and I believe apache - anyone done it?) support
> authentication via Kerberos which is basically LDAP. Windows calls it
> ActiveDirectory. One issue here, I believe you can't do SSL LDAP
> queries on
> Linux/mx at the moment (Jesse ? )
>
> As for web site authentication, in apache you can use the
> .htaccess file to
> auth. users ...
>
>
> Justin - no Linux expert :-)
>
>
>
> > -----Original Message-----
> > From: Dave Wilson [mailto:[EMAIL PROTECTED]]
> > Sent: 13 December 2002 09:54
> > To: CF-Linux
> > Subject: What are the alternatives to NT authentication?
> >
> >
> > Hi all,
> >
> > My applications are designed to make use of the windows network
> > login id via
> > cgi.remote_user on a windows VPN. I was wondering if anybody knew
> > how I'd go
> > about porting this feature over to a linux platform? What authentication
> > options are available to me?
> >
> > The VPN infrastructure is still in the planning stages so I
> will have the
> > option at looking into other authentication server platforms. The actual
> > authentication merely authenticates the user to the VPN network
> > (preferrably
> > using their existing network login credentials) from a variety of remote
> > branch networks (presumably Windows networks, mostly) to allow the user
> > access to our suite of tools. The rules and policies are
> handled by the cf
> > application itself, which merely requires the cgi.remote_user
> variable for
> > db lookup purposes. I'm wondering if Kerberos may be the way to
> go as (to
> > the best of my knowledge) it is supported by both windows and linux
> > platforms, or perhaps I can stick with using NT authentication
> for the VPN
> > and have the NT account details available to my linux boxes?
> >
> > Any thoughts much appreciated,
> > Dave
> >
> >
> >
>
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Archives: http://www.houseoffusion.com/cf_lists/index.cfm?forumid=14
Subscription:
http://www.houseoffusion.com/cf_lists/index.cfm?method=subscribe&forumid=14
Signup for the Fusion Authority news alert and keep up with the latest news in
ColdFusion and related topics. http://www.fusionauthority.com/signup.cfm
Unsubscribe:
http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.14
