[Typo3-dev] S: Sponsoring Windows authentification in TYPO3

[Florian Schaeffer]

Hi Björn & Juergen,

> Install mod_auth_ntlm inside the Apache and configure it properly.
> If a user accesses your websites, he gets a browser popup login
> window (same as when you use Basic HTTP Authentication). The
[...]
> That's it. The browser popup windows appears only once per *browser*
> session. If your customer doesn't want to have this: I remember that
> IIS has the possibility to get the windows login user name transmitted
> automagically. But that would require that you use IIS/Windows.

That's not exactly the way, because it's not a qeustion of using IIS on 
an windows but using an Apache with mod_auth_ntlm (or even better when 
using Apache2 mod_sspi).
You then have to place a .htaccess-file in your directory wich requires 
a valid user and authentification-type sspi or ntlm (don't know if it's 
alreday supported to use LDAP)

The process is, when your using an IE (and you you have turned on 
automatic login in intranet zone) the user never gets even notified of 
being logged in.
You yet can even use Firefox (great job they have done) but with this 
browser you have to send your user credentials _once_ per browser session.

So it is a question of using the right browser, not the right server.

But nevertheless this does not solve your problem of explicit logout.
Once you're logged in, your session credentials stay. When you log out, 
you will be automagically logged in again (using IE).

On Firefox you will be asked another time.
So in Firefox it is possible to switch user, on IE it is only possible 
when you set "always ask for user credentials" in your browser settings. 
But then your user will have to confirm at least *at first login* user 
and password.

HTH
Florian Schaeffer

PS: don't know how to get this REMOTE_USER-credentials to work with 
TYPO3 but this should be an easy challenge for those TYPO3-cracks.