2007 Mar 03 - Sat
Apache Web Page NTLM Authentication
In continuation of a previous article regarding NTLM authentication and authorization of
web pages on an Apache Web Server, I've made some progress with integration.
The web server will now automatically accept MS IE users with passthrough authentication
so they are automatically authenticated to view web server pages. Well... users who are
hardcoded currently. All other users are rejected.
I used the perl module Apache2::AuthenNTLM from CPAN, and wrapped a module called
OneUnified::AuthNTLM around it to
obtain some hooks into the original module's operation.
Here is the code I inserted into /etc/apache2/sites-enabled/000-default in order to
activate the module:
PerlAuthenHandler OneUnified::AuthNTLM
AuthType ntlm,basic
AuthName ntdomainname
require valid-user
PerlAddVar ntdomain "ntdomainname globalcat1 globalcat2"
PerlSetVar defaultdomain ntdomainname
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 0
PerlSetVar ntlmauthoritative 0
# PerlSetVar fallbackdomain fallbackdomain
I originally used the fallbackdomain to invoke a secondary login prompt for non domain
members, but it appears to lock the module up for some reason. It is commented out for the
time being.
For now, OneUnified::AuthNTLM overrides the verify_user subroutine and manually accepts
certain userid's. The next step will be to incorporate the group look up code.
Not all of them are used at the moment, but here are some Perl modules for use with
session management. They go into the /usr/local/lib/site_perl/OneUnified directory.
- AuthNTLM.pm: wrapper around Apache2::AuthenNTLM
- Const.pm:
used in the Mason autohandler file (to be introduced later).
- Session.pm: will handle session management stuff
- ValidateFields.pm: some web form validation checks
- ou.sql: latest database schema
for various things, including session management and the ciscowatcher.pl script
[/OpenSource/Debian/Monitoring]
permanent link
|
