[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Phpgroupware-developers] Single Sign On
From: |
Philipp Kamps |
Subject: |
Re: [Phpgroupware-developers] Single Sign On |
Date: |
Fri, 06 Aug 2004 11:24:15 +0200 |
Hi Sigurd,
Am Fr, den 06.08.2004 schrieb Sigurd Nes um 00:05:
> I downoladed mod_ntlm2-0.1.tgz from http://sourceforge.net/projects/modntlm/
>
> Edited the Makefile
> From
> APXS=apxs
> APACHECTL=/etc/rc.d/apache
> To
> APXS=/usr/local/apache2/bin/apxs
> APACHECTL=/usr/local/apache2/bin/apachectl
>
> Issued the command:
> make install && make restart
>
> added to httpd.conf:
>
> AuthType NTLM
> NTLMAuth on
> NTLMAuthoritative on
> NTLMDomain BBB
> NTLMServer 172.20.35.167
> NTLMBackup 172.20.35.163
>
this should be inside your
<Directory 'yourphpgwinstallation'>
then add:
Require valid-user
inside the directory definition.
I also added:
NTLMBasicAuth on
(but I have no clue what it does ;-)
Please note that I still have some problems with
the patch I submitted. I'll fix this next week.
(Hope you got your "REMOTE_USER" ready then...)
Cheers, fips
> Apache started fine but would'nt provide the $_SERVER['REMOTE_USER'] (no
> such element in the $_SERVER array)
>
> I also tried the version from http://modntlm.jamiekerwick.co.uk/ with no
> luck
>
> Any clues?
>
> Sigurd
>
>
> Philipp Kamps wrote:
> > Hi ya'll,
> >
> > i got it working in my installation and I submitted a
> > patch at savannah:
> > https://savannah.gnu.org/patch/index.php?func=detailitem&item_id=3263
> >
> > I case you don't have a ntlm "compatible" browser there is
> > a popup asking for the account login. Make sure to enter:
> >
> > <yourwindowsdomain>\<yourusername>
> >
> > as username.
> >
> > Installation of mod_ntlm is a little bit tricky (no deb package) :-(
> >
> > There are limitations:
> >
> > - no phpgw domain dropdown box (btw is this the reason, auth. over
> > .htaccess files is disabled?)
> >
> > - no user password in the GLOBALS variable (probably the email module
> > needs this variable)
> >
> > - a logout directly logs you in again (with new session id) ;-)
> >
> > - my 1.6 mozilla still needs popup with account login; maybe I'm
> > missing a preference somewhere...
> >
> > Cheers, fips
> >
> >
> > Am Mi, den 04.08.2004 schrieb Dave Hall um 02:57:
> >
> >>On Wed, 2004-08-04 at 00:18, Sigurd Nes wrote:
> >>
> >>>Philipp Kamps wrote:
> >>> > Hi ya'll,
> >>> >
> >>> > I found a way to realize a single-sign-on for the
> >>> > phpgroupware and windows IE Clients in a windows
> >>> > domain:
> >>> >
> >>> > The project NTLM (http://sourceforge.net/projects/modntlm/)
> >>> > has developed a apache 1/2 module to read uid and
> >>> > password from a IE Client. The module checks this account
> >>> > against a windows Domain AD.
> >>> >
> >>> > So users only have to use the windows login to authenticate.
> >>> >
> >>> > In case of Linux, you may want to have a look to a ntlm auth
> >>> > proxy (ntlmaps as deb package).
> >>> >
> >>> > I'll publish a patched login and auth script.
> >>> >
> >>> > Cheers fips
> >>> >
> >>> >
> >>>Great !! - my users will be very happy.
> >>
> >>Mozilla 1.4+ has support for ntlm auth, see
> >>http://www.mozilla.org/releases/mozilla1.4.2/README.html
> >>
> >>I couldn't find info for Firefox support :(
> >>
> >>
> >>
> >>
> >>_______________________________________________
> >>Phpgroupware-developers mailing list
> >>address@hidden
> >>http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
>
>
>
> _______________________________________________
> Phpgroupware-developers mailing list
> address@hidden
> http://lists.gnu.org/mailman/listinfo/phpgroupware-developers
--
Philipp Kamps
- Team Softwareentwicklung -
pro|business AG
Expo Plaza 1
30539 Hannover
Telefon 05 11 / 6 00 66 - 333
Telefax 05 11 / 6 00 66 - 355
E-Mail address@hidden
**********************************************
"probusiness Hamburg AG gegründet"
Weitere Informationen zur Gründung der sechsten
probusiness Gesellschaft unter www.probusiness.de
**********************************************