[opencms-dev] Information : Authentication through NT domain ...
Brendon Price
Brendon.Price at sytec.co.nz
Thu Jul 3 22:14:01 CEST 2003
Hi Guillaume,
The following is some detail on how to get NTLM working with Apache 1.3 and
opencms.
Not really an OpenCMS issue but it may be of interest to a few people
attempting this.
This allows NT Integrated Security to the opencms resources, so users
accessing the
site must belong to a valid NT Domain Group. This would be useful for an
Intranet for instance.
Note that this was for Apache 1.3, but there is a mod_ntlm for Apache 2 so
the process is probably much the same.
1. Stop apache
2. Download the mod_ntlm source from SourceForge
(<http://sourceforge.net/projects/modntlm/>)
3. Make sure the apache-devel RPM is installed on the server and build
mod_ntlm:
Extract the source, change to the directory, and type "make install". This
uses apxs from apache-devel to build
the module and install it (into /usr/lib/apache). This also modifies
httpd.conf to include the appropriate LoadModule and
AddModule directives.
4. Add the NTLM authentication directives to httpd.conf, eg:
<Location /publicsite>
AuthType NTLM
NTLMAuth On
NTLMAuthoritative On
NTLMDomain DOMAIN
NTLMServer PDC_servername
# NTLMBackup servername
Require valid-user
</Location>
5. Do some magic stuff to make it all work - this is important!
Make sure the KeepAlive directive is set to "on" and comment out the
following MSIE related config, ie
#SetEnvIf User-Agent ".*MSIE.*" \
# nokeepalive ssl-unclean-shutdown \
# downgrade-1.0 force-response-1.0
6. Make sure the names specified for NTLMServer and NTLMBackup are in the
local hosts file on the web server.
7. Start Apache and test...
You do not have to register the web server on the domain controller for this
to work. It also doesn't care what the web server hostname or httpd
ServerName directive is set to.
Regards
Brendon
-----Original Message-----
From: Apostoly Guillaume [mailto:ApostolyG at mail.europcar.com]
Sent: Wednesday, 2 July 2003 4:55 a.m.
To: opencms-dev at opencms.org
Subject: [opencms-dev] Information : Authentication through NT domain
...
Hi all,
My current goal is to allow OpenCMS authentication through NT Server. I've
got no LDAP server so this could mean use NTLM.
I'm on a linux gentoo with apache and tomcat (currently standalone, i've got
to change that).
I'm currently trying to use mod_ntlm ( http://modntlm.sourceforge.net/
<http://modntlm.sourceforge.net/> ) with apache. After that, i'll configure
Tomcat to work with apache (with mod_xxxxx), and i'll get the apache logged
in user through "request.getRemoteUser()" as describe here :
http://www.jguru.com/faq/view.jsp?EID=1045412
<http://www.jguru.com/faq/view.jsp?EID=1045412> .
After that point, i'll need someone that knows well the authentication
system from opencms to allow this :
I'd like opencms to rely on the "request.getRemoteUser()" to know who is
logged in (the username), but to still use it's own system for the
permissions. This means creating the user in the opencms database, allowing
them to work on project, etc, but relying on NTLM authentication from apache
for the login.
Has anybody progressed in that direction ?
Am I completly (tick the right answer) : - wrong - nuts - dumb ?
Thanks by advance,
Regards,
Guillaume.
_______________________________________
Guillaume APOSTOLY
Business-Analyst EIS-BSD
Tél: +33 (0)1.30.44.95.22
Fax: +33 (0)1.30.44.98.08
ApostolyG at mail.europcar.com <mailto:ApostolyG at mail.europcar.com>
_______________________________________
_______________________________________________
This mail is send to you from the opencms-dev mailing list
To change your list options, or to unsubscribe from the list, please visit
http://mail.opencms.org/mailman/listinfo/opencms-dev
More information about the opencms-dev
mailing list