On Fri, 2006-09-06 at 14:47 -0600, Gustin Johnson wrote: > There are two mechanisms that I know of. The first is Kerberos. If you > know nothing about kerberos then I would suggest the O'Reilly book (it > is actually very good and easy to read). I cannot do the topic justice > in an email. > > The second is by passing NTLM hashes, which firefox does as well > (http://www.testingreflections.com/node/view/1365), though I believe > that this is Windows only. > > There is a python hack that can get around this if you are running linux > (http://www.linux.com/howtos/Web-Browsing-Behind-ISA-Server-HOWTO-4.shtml).
I spent the rest of the day on Friday looking into this. The new name for NTLM is IWA, and there are a number of apache modules that can handle this including the kerberos modules. I haven't tried any of them yet though. > Now your question is a little ambiguous. The web app itself can > authenticate to LDAP, but this is *not* the same thing as an IE > autologin. The web app needs to be able to relay Kerberos/NTLM, which > it likely cannot do. You're right, but the webapp is open source, and it's written in php. We're pretty sure that we can modify it to authenticate based on information passed along from the apache server (which will use IWA to authenticate with the active directory server. Thanks for your help, Jesse _______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
