All geek questions in one place

Configure Windows Authentication for Apache

To start, I searched the Internet for about an hour, trying to figure out how to do this without success, so I am writing this question.

I have an intranet site that requires access to the Windows username (and not the server running Apache, but the user is accessing the intranet site).

I installed adLDAP and work where the user can log in to check the group the user is in. But for my site to be more secure, I would prefer to access the Windows username.

I saw that there is an apache module mod_auth_sspi, but I could not find how to install it or even implement (use) it in my code.

I am using Apache v2.4, PHP 5.6.8 on Windows Server 2008.

+5
source share
2 answers

So ... I found out how to do this after hours of working at Googling ... in fact, it should be much easier to find the answer, but, nevertheless, here:

1) Download the following module for your system (32 bit out of 64 bit): https://www.apachehaus.net/modules/mod_authnz_sspi/

2) Paste the file into the folder with your files. /apache/modules/

3) Edit the following configuration files:

3.1) php/php.ini: uncomment the extension=php_ldap.dllline.

3.2) apache/conf/httpd.ini: add the following to the end of the LoadModules section:

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

3.3) Find the tag <Directoryand remove the open and close tags along with your content. Then insert the following:

<Directory /> 
Options None 
AllowOverride All 
Order allow,deny 
Allow from all 
AuthName intranet
AuthType SSPI 
SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic On 
SSPIOmitDomain On 
Require valid-user 
</Directory>

Apache . Windows <?php echo $_SERVER['PHP_AUTH_USER'] ?>

+3

Source: https://habr.com/ru/post/1618877/

More articles:


All Articles