login on site without password and user name use user form active directory domain
I have a question. I have a site on apache2.2. I need provide th开发者_运维技巧is feature for client. When user which in active directory domain open the site that user must be login automatically.
Really i don't know how to do this stuff. Please help me. So if user in domain that this user must be login automatically and his nickname must be same as nickname in active directory. domain
It actually is possible with NTLM authentication. You need the AuthenNTLM-plugin, which will authenticate a user using the Internet Explorer. An example syntax would be
<Location />
PerlAuthenHandler Apache::AuthenNTLM
AuthType ntlm,basic
AuthName test
require valid-user
# domain pdc bdc
PerlAddVar ntdomain "name_domain1 name_of_pdc1"
PerlAddVar ntdomain "other_domain pdc_for_domain bdc_for_domain"
PerlSetVar defaultdomain wingr1
PerlSetVar ntlmdebug 1
</Location>
## taken from the documentation
Please refer to the module documentation for more options and specific instructions on the setup - the above should get you started in the right direction.
On the client side, Internet Explorer and Firefox should be able to login automatically after some configuration (Firefox needing a bit of special care - which may be achieved by setting the configuration variables during deployment).
It can be done using Kerberos tickets. Apache has a module http://modauthkerb.sourceforge.net/
I suggest you to begin with reading how Kerberos works before jumping into module docs.
There's 2 prerequisites:
- the site domain must be listed as local intranet on browser
- you need to generate a key on AD server
You can't do this. Unless you're on an ancient Windows95-era Internet Explorer, which had the marvelously secure feature of sending your windows username/password to any site that was password protected, regardless of where that site was.
Browsers are NOT going to send your windows credentials automatically, and other than probably IE, no browser is going to have access to those credentials either.
精彩评论