FYI. Authentication of Nag/Netsaint web pages _without_ password challenge for MS IE browsers ..

Stanley Hopcroft Stanley.Hopcroft at IPAustralia.Gov.AU
Mon Feb 10 05:20:09 CET 2003


Dear Ladies and Gentlemen,

I am writing to let you know about a means of granting protected access
to Nag/Netsaint web pages _without_ being challenged for a username and
password (This authentication method is called NTLM; MS IE browsers take
the 'logged in user name and password hash' from a MS Win workstation and
send it instead of 'basic' authentication).

First the caveats

1 Works only with MS IE browsers,

Other browsers eg Mozilla for Win, Nav/Moz for Unix challenge the user 
with the usual realm/username/password dialogue box ie it works exactly 
as one is used to with a decent browser.

2 Works only for MS Workstations _excepting_ Metaframe sessions with MS 
Terminal server/Metaframe application servers

3 Workstation must be logged into an MS domain/workgroup (probably 
including a Samba pdc/bdc but I haven't tried this)

4 Provides no group information

This means you can't insist that only logged in users in specific NT 
groups can access Nag/Netsaint. This is probably only relevant to people 
that use domain auth in a big way.

5 Requires

5.1 mod_perl
5.2 Authen::Smb            } published CPAN modules
5.3 Apache::AuthenNTLM     }

Note

1 Authen::Smb is a Perl XS that doesn't build cleanly on at least 
some Unix systems (however, the solution is a trivial patch).

2 AuthenNTLM _almost certainly_ requires a trivial patch to work with 
existing Nag setups since the user it validates is 'Domain\UserName' 
rather than UserName (as you have probably set in cgi.cfg). The patch 
again is trivial.

Why would you want to mess with yet another 'extend and embrace' MS 
proprietary protocol ?

Because you may have PHBs that only use MS IE browsers and you don't
want them whining about yet another password.

If on the other hand, you have Linux desktops/Management stations, you 
can happily ignore this.

Yours sincerely.


 -- 
------------------------------------------------------------------------
Stanley Hopcroft
------------------------------------------------------------------------

'...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea,
Europe is the less, as well as if a promontory were, as well as if a
manor of thy friend's or of thine own were. Any man's death diminishes
me, because I am involved in mankind; and therefore never send to know
for whom the bell tolls; it tolls for thee...'

from Meditation 17, J Donne.
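
The name mismatch described in Note 2 of the message above ('Domain\UserName' versus the bare UserName in cgi.cfg), as an added Perl example that is not part of the original post and is not the patch it mentions. The function name `cgi_user_name`, the domain `EXAMPLEDOM` and the allowlist itself are assumptions: the allowlist is there because stripping the prefix unconditionally would let an account with the same name in any other accepted domain map onto the same Nag user.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: the only domain whose accounts may map onto cgi.cfg names.
# EXAMPLEDOM is a constructed placeholder, not a value from the post.
my %trusted_domain = (EXAMPLEDOM => 1);

# Map the authenticated name to the bare name used in cgi.cfg.
# Returns the bare user name, or undef (deny) if the name is malformed
# or comes from a domain that is not explicitly trusted.
sub cgi_user_name {
    my ($remote_user) = @_;
    return unless defined $remote_user;

    # No backslash: already a bare name (e.g. from the basic-auth dialogue).
    if (index($remote_user, '\\') < 0) {
        return unless $remote_user =~ /\A[A-Za-z0-9_.-]+\z/;
        return $remote_user;
    }

    # Exactly one backslash, with a non-empty part on each side.
    my ($domain, $user) = $remote_user =~ /\A([^\\]+)\\([A-Za-z0-9_.-]+)\z/
        or return;

    # NT domain names are case-insensitive; compare in upper case.
    return unless $trusted_domain{ uc $domain };
    return $user;
}

# Constructed sample inputs, not taken from any real log.
for my $name ('EXAMPLEDOM\\jsmith', 'exampledom\\jsmith',
              'OTHERDOM\\nagiosadmin', 'nagiosadmin',
              'EXAMPLEDOM\\', 'A\\B\\C') {
    my $mapped = cgi_user_name($name);
    printf "%-24s -> %s\n", $name, defined $mapped ? $mapped : '(denied)';
}
```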

