hagar — Wed, 06 Nov 2002 05:38:40 +0000

basic auth would just double my current workload of updating user info on the PDC, by making me then setup the same users and permissions on the web server.

We use DHCP so static IP's wont work, wouldnt work in static IP's if the user was on a different machine then normal(a usual occurence).

asp handles this seamlessly, i find it amazing that php cannot handle this security type, especially as it is installed in apache running on a windows box. Why create a windows version if there is no ability to take advantage of the operating system.

There seems little point of using apache/php in a windows environment at all, if they cant utilize the simplest security functions of the network.

I was really hoping to be able to showcase this and use it as a method of introducing open source into my work environment. So far that looks like an unlikely event.

Re: mod_NTLM for apache 1.3

Mark Hensler — Wed, 06 Nov 2002 05:28:49 +0000

Quote: Originally posted by hagar
can the php global $server do this?

Not really. You can use $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] to get the user/pass when using HTTP Authentication. So, if your whole intranet site were to be protected by a Basic HTTP Authentication, you could get the info that way. But for a seemless solution, this wouldn't work.

You may be able to use $_SERVER['REMOTE_ADDR'] to lookup a table of clients. This would work best if your intranet had static IPs.

HTTP doesn't include enough information in the headers to identify anyone, even on a small LAN. You may be able to get a few pieces of usefull info from the TCP/IP headers (remote IP:port), but even that is limited. You'll probably need some mechanism that will query the remote machine for an ID.

hagar — Wed, 06 Nov 2002 02:29:11 +0000

yeah that page is what ive used to install it, and i found the developers site, but it has FA details on its use other then securing directories through smoke and mirrors and .htaccess. God I hope I dont have to use LDAP or something else painful. lol

From what that link says, something in twiki is able to capture the username and compare it to the twiki username, but makes no mention of the how.

mairving — Wed, 06 Nov 2002 02:18:12 +0000

I have not used it and it looks like it has reached the end of it's run with no further development. I did find this site with some useful information.