Hello,
On 06/12/2002 02:48 PM, Arturo Barajas wrote:
I don't agree and even think that it is a stupid thing to say because
open source is not about excluding Windows users even if
there are much less open source developers with Windows knowledge
there is no point in making Windows users feel bad about it.
Sometimes you have to deal with it. At home I use Linux, but at the
office it's Windows, and there's nothing we can do to change it. I
thought open source wasn't about a given OS, but rather a philosophy
(?). I can develop for Windows (or BeOS or MacOS or whatever) and what I
do can be still open source, isn't it?
OTOH, how can I (or anyone for that matter) change the mentality of a
corporate user about open source tools with that other mentality?
Being second class? My God.
I don't want a flamewar, anyway, but I think it's not the most clever
way to establish the open source movement, IMHO.
Sure, never mind about Rasmus descrimination towards Windows users.
Rasmus always has been bitter with users asking for support, especially
if they want to run PHP under Windows. Rasmus opinion is just Rasmus
opinion and by all means does not represent what the PHP and the Open
Source community in general thinks.
PHP should stay away from the OS wars especially because a great part of
PHP is due to its acceptance in the Windows world.
This may come to you as a surprise, but according to partial results of
a poll that I am carrying, more than 52% of the PHP developers use
Windows in production environments. So it is absolutely stupid that much
users are second class citizens.
The truth is that after the blowup of the Internet bubble, many PHP
developers had to turn to corporations that are still well dominated by
Windows. PHP developers should be thankful of its support under Windows
because that allowed to keep jobs still working on PHP, ie eventually
not having to move to other languages.
Anyway, what Rasmus meant is that there are much less open source
Windows developers which is a fact. That doesn't mean that being less
you won't get any support from them. Rasmus just seems to love to make
Windows users suffer for using such platform, even though many of them
had to put up with it because they had no choice. Just ignore him.
Anyway, personally I don't use Windows nor have a project
that motivate me to add support to NTLM authentication in
PHP, but if you or anybody has interest in doing it and
know enough C, I can tell you how to write a PHP extension
to support that. Just let me know if you are interested.
Of course I am :^). What compiler do I need? gcc on cygwin or
something? I'll have to dust my old C notebooks :^).
To write PHP extensions on Windows I think Visual C++ is more
appropriate. You may find documentation to write extensions here:
http://www.php.net/manual/en/zend.php
Keep in mind that NTLM authentication can be added in such way that you
can authenticate on Windows domain controller despite your Web server
may be running on Linux or some other Unix platform.
As for the authentication itself, I just paste here what you need to
know so you can start working on this.
Basically you need to know that there are two parts to be addressed:
HTTP NTLM autentication dialog and NTLM logon in Windows domain
controller to verify if the credentials are correct.
The second part is easier because there is already C code to implement
it that you can borrow from Apache NTLM authetication module that uses
the client libraries of the Samba project.
http://modntlm.sourceforge.net/
This module is meant to run under Unix, but since it is just client
code, I think it could be made to run under Windows.
As for the HTTP NTLM authetication dialog itself that this Apache module
also does, it is more complicated because unlike Basic authetication it
is multi-step. In this page you may find some explanation about the
protocolo of challenge and response messages that are exchanged between
the client and the server:
http://www.innovation.ch/java/ntlm.html
Other than this there is the issue of authentication credentials
caching. Since you need 3 accesses to the server to go, caching
authetication credentials would avoid further authentication accesses to
the domain controller. This is trickier, so it could be left for an
optimization phase.
--
Regards,
Manuel Lemos
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
