Getting user identity from browser

I used to work for a bank, that had a very cool feature in it's intranet. Once you logged in your computer, there were global variables set in PHP through Apache, and they contained the identity of the user that was logged on on the computer. Now I'm at a new job, and I'm wondering, how this thing worked! I would like to implement this kind of thing once again.

What I'm working with here:

• FreeBSD server, version is unknown to me.
• Apache 2.2 web server
• PHP 5, some custom compilation开发者_StackOverflow社区, that for various reasons, I can't upgrade or modify.
• MS AD
• All of the users logging on to their computers are using active directory, all are in the same domain.

What I used to have was something like this:

echo $_SERVER['username']

which would print the username of the user currently logged in.

Could someone explain, how this could be done?

P.S. If any of my server settings are not what is required, say so, because then I will have a reason to ask the bosses to give me one of my own, with more control.

There's lots of ways this might be implemented. However a lot of them depend on having control over the client as well as the server.

Obvious sources of data include:

• NTLM
• Client side certificates
• The Ident protocol (not very secure without the encryption extensions)
• A long lasting cookie (again, not secure)
• HTTP authentication methods

However none of these explain how the value appeared in the session - this must have been implemented within the PHP code.

So without knowing how it was implemented at your previous site we can't tell you:

• Whether it was secure and correctly implemented
• how to replicate the behaviour

Given your resource list, while it would be possible to implement authentication based on direct LDAP calls, passing the username and password through your application, I would strongly recommend using (e.g.) openId - but restricting the providers to just your openid provider - which would use the MSAD as the backend.

I did not understand correctly the question, so I edit my post...

you could use apache auth, you can make auth by ip's or hostnames

http://httpd.apache.org/docs/2.0/en/howto/auth.html