[Typo3-dev] S: Sponsoring Windows authentification in TYPO3
Florian Schaeffer
florian.schaeffer at mercoline.de
Wed Aug 25 18:11:32 CEST 2004
Hi Björn & Juergen,
> Install mod_auth_ntlm inside the Apache and configure it properly.
> If a user accesses your websites, he gets a browser popup login
> window (same as when you use Basic HTTP Authentication). The
[...]
> That's it. The browser popup windows appears only once per *browser*
> session. If your customer doesn't want to have this: I remember that
> IIS has the possibility to get the windows login user name transmitted
> automagically. But that would require that you use IIS/Windows.
That's not exactly the way, because it's not a qeustion of using IIS on
an windows but using an Apache with mod_auth_ntlm (or even better when
using Apache2 mod_sspi).
You then have to place a .htaccess-file in your directory wich requires
a valid user and authentification-type sspi or ntlm (don't know if it's
alreday supported to use LDAP)
The process is, when your using an IE (and you you have turned on
automatic login in intranet zone) the user never gets even notified of
being logged in.
You yet can even use Firefox (great job they have done) but with this
browser you have to send your user credentials _once_ per browser session.
So it is a question of using the right browser, not the right server.
But nevertheless this does not solve your problem of explicit logout.
Once you're logged in, your session credentials stay. When you log out,
you will be automagically logged in again (using IE).
On Firefox you will be asked another time.
So in Firefox it is possible to switch user, on IE it is only possible
when you set "always ask for user credentials" in your browser settings.
But then your user will have to confirm at least *at first login* user
and password.
HTH
Florian Schaeffer
PS: don't know how to get this REMOTE_USER-credentials to work with
TYPO3 but this should be an easy challenge for those TYPO3-cracks.
More information about the TYPO3-dev
mailing list