php-windows Digest 29 Jan 2005 20:03:06 -0000 Issue 2556

Sat, 29 Jan 2005 12:04:34 -0800 

php-windows Digest 29 Jan 2005 20:03:06 -0000 Issue 2556

Topics (messages 25483 through 25483):

Re: NT username detectable?
        25483 by: Manuel Lemos

Administrivia:

To subscribe to the digest, e-mail:
        [EMAIL PROTECTED]

To unsubscribe from the digest, e-mail:
        [EMAIL PROTECTED]

To post to the list, e-mail:
        [email protected]


----------------------------------------------------------------------
--- Begin Message --- 
Hello,

"Christian Fersch" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:

> In the html headers, the server sees the clients OS, user agent, IP
> address etc. Is there a way on a local LAN a server might be able to
know 
> the username of the client that sends a request?
>
> I've checked all $_SERVER variables, PHP_AUTH_USER  etc require the auth
> box to be displayed. I'm thinking it might be possible to know which
user 
> is logged in when the request is made, possibly by using COM or even
> (gasp) .NET, without having to ask the user his username.
>
> Any ideas if this can be accomplished at all?
>
> Right now we have Firefox clients and Apache with PHP in an Active
> Directory domain with NT4 compatibility, but we can move to IE6 with
> IIS+PHP if that will work.


This isn't possible with php on its own (would be deep impact into your
privacy if it could, wouldn't it?). So you've got 2 choices:
switch to IE and use a security hole :>


Mozilla and Firefox already support NTLM authentication on Windows.

If you configure the Web servers (IIS or even Apache not necessariliy on Windows) to require NTLM authentication , either Internet Explorer or Mozilla or Firefox will dialog with the server to authenticate via NTLM and no password is asked to the user that has logged in the same Windows domain.

A PHP script for a page that requires NTLM authentication can obtain the authenticated user name using GetEnv("LOGON_USER"); .
--

Regards,
Manuel Lemos

PHP Classes - Free ready to use OOP components written in PHP
http://www.phpclasses.org/

PHP Reviews - Reviews of PHP books and other products
http://www.phpclasses.org/reviews/

Metastorage - Data object relational mapping layer generator
http://www.meta-language.net/metastorage.html

--- End Message ---

Reply via email to