Re: [Phpgroupware-developers] Single Sign On

[Philipp Kamps]

Hi Sigurd,

Am Fr, den 06.08.2004 schrieb Sigurd Nes um 00:05:
> I downoladed mod_ntlm2-0.1.tgz from http://sourceforge.net/projects/modntlm/
> 
> Edited the Makefile
>  From
>   APXS=apxs
>   APACHECTL=/etc/rc.d/apache
> To
>   APXS=/usr/local/apache2/bin/apxs
>   APACHECTL=/usr/local/apache2/bin/apachectl
> 
> Issued the command:
> make install && make restart
> 
> added to httpd.conf:
> 

>    AuthType NTLM
>    NTLMAuth on
>    NTLMAuthoritative on
>    NTLMDomain BBB
>    NTLMServer 172.20.35.167
>    NTLMBackup 172.20.35.163
> 

this should be inside your

<Directory 'yourphpgwinstallation'>

then add:
     Require valid-user

inside the directory definition.

I also added:
     NTLMBasicAuth on

(but I have no clue what it does ;-)

Please note that I still have some problems with
the patch I submitted. I'll fix this next week.
(Hope you got your "REMOTE_USER" ready then...)

Cheers, fips


> Apache started fine but would'nt provide the $_SERVER['REMOTE_USER'] (no 
> such element in the $_SERVER array)
> 
> I also tried the version from http://modntlm.jamiekerwick.co.uk/ with no 
> luck
> 
> Any clues?
> 
> Sigurd
> 
> 
> Philipp Kamps wrote:
> > Hi ya'll,
> > 
> > i got it working in my installation and I submitted a
> > patch at savannah:
> > https://savannah.gnu.org/patch/index.php?func=detailitem&item_id=3263
> > 
> > I case you don't have a ntlm "compatible" browser there is
> > a popup asking for the account login. Make sure to enter:
> > 
> > <yourwindowsdomain>\<yourusername>
> > 
> > as username.
> > 
> > Installation of mod_ntlm is a little bit tricky (no deb package) :-(
> > 
> > There are limitations:
> > 
> > - no phpgw domain dropdown box (btw is this the reason, auth. over
> > .htaccess files is disabled?)
> > 
> > - no user password in the GLOBALS variable (probably the email module
> > needs this variable)
> > 
> > - a logout directly logs you in again (with new session id) ;-)
> > 
> > - my 1.6 mozilla still needs popup with account login; maybe I'm
> >   missing a preference somewhere...
> > 
> > Cheers, fips
> > 
> > 
> > Am Mi, den 04.08.2004 schrieb Dave Hall um 02:57:
> > 
> >>On Wed, 2004-08-04 at 00:18, Sigurd Nes wrote:
> >>
> >>>Philipp Kamps wrote:
> >>> > Hi ya'll,
> >>> >
> >>> > I found a way to realize a single-sign-on for the
> >>> > phpgroupware and windows IE Clients in a windows
> >>> > domain:
> >>> >
> >>> > The project NTLM (http://sourceforge.net/projects/modntlm/)
> >>> > has developed a apache 1/2 module to read uid and
> >>> > password from a IE Client. The module checks this account
> >>> > against a windows Domain AD.
> >>> >
> >>> > So users only have to use the windows login to authenticate.
> >>> >
> >>> > In case of Linux, you may want to have a look to a ntlm auth
> >>> > proxy (ntlmaps as deb package).
> >>> >
> >>> > I'll publish a patched login and auth script.
> >>> >
> >>> > Cheers fips
> >>> >
> >>> >
> >>>Great !! - my users will be very happy.
> >>
> >>Mozilla 1.4+ has support for ntlm auth, see
> >>http://www.mozilla.org/releases/mozilla1.4.2/README.html
> >>
> >>I couldn't find info for Firefox support :(
> >>
> >>
> >>
> >>
> >>_______________________________________________
> >>Phpgroupware-developers mailing list
> >>address@hidden
> >>http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
> 
> 
> 
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
-- 
Philipp Kamps
- Team Softwareentwicklung - 
pro|business AG
Expo Plaza 1
30539 Hannover
Telefon    05 11 / 6 00 66 - 333
Telefax    05 11 / 6 00 66 - 355
E-Mail     address@hidden

**********************************************
    "probusiness Hamburg AG gegründet" 

Weitere Informationen zur Gründung der sechsten 
probusiness Gesellschaft unter www.probusiness.de
**********************************************