On Sunday 31 December 2006 14:40, Eric Nichols wrote: > I've never really been able to find a definitive answer on this. > > IIS has their Integrated Authentication method which can recognize the > client's credentials. I'd like to take those credentials and bind as that > IIS user to an Active Directory server over LDAP. > > Any ideas?
Thats possible on Apache + mod_auth_kerb 1. Make Apache GSSAPI/Kerberos authentication work as desrcribed in <http://www.grolmsnet.de/kerbtut/> 2. activate GSSAPI/Kerberos credentials delegation as described in <http://www.grolmsnet.de/kerbtut/credentialsdelegation.html> 3. Make the webserverside an Net::LDAP use that credentials using Authen::SASL::Perl::GSSAPI as described in <http://perl.grolmsnet.de/authensasl/> to bind to the AD-LDAP-server. If you are using IIS instead of Apache you have to use the Win32-API, the interface to use the authentication is called "SSPI" and described in <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/initsecurityinterface.asp> The interface is useable in C, I don't know of a Perl-adapter to SSPI. Achim
