|
|
|
|
|
|
| Author |
Message |
Steve Wolfe
*nix forums beginner
Joined: 21 Feb 2005
Posts: 29
|
 Posted: Thu Feb 03, 2005 9:24 pm Post subject:
Determine NT domain username of web client
|
|
|
From a perl CGI application, I'd like to find the username of the person
at the client computer. All clients log in to a domain controller, so I
began looking at the various NTLM and SMB modules. I see various modules
such as Authen::NTLM which will attempt to authenticate if passed a username
and password, but I can't find any to simply discover the current username.
Am I missing something?
steve |
|
| Back to top |
|
 |
Bill Karwin
*nix forums beginner
Joined: 08 Apr 2005
Posts: 33
|
| Posted: Thu Feb 03, 2005 10:06 pm Post subject:
Re: Determine NT domain username of web client
|
|
|
Steve Wolfe wrote:
| Quote: | From a perl CGI application, I'd like to find the username of the person
at the client computer.
|
Web applications can't get this information unless it's been explicitly
sent by the client computer. For instance, by a person entering
username and password into a login form. There's no way for a web
application to query such information by its own authority, and that's a
good thing.
Once the user sends his/her username and password, you can write code in
your CGI application using a module such as Authen::NTLM to authenticate
the user. You might also want to look at Apache::AuthenSMB as another
alternative.
Regards,
Bill K. |
|
| Back to top |
|
|
Steve Wolfe
*nix forums beginner
Joined: 21 Feb 2005
Posts: 29
|
| Posted: Fri Feb 04, 2005 4:31 pm Post subject:
Re: Determine NT domain username of web client
|
|
|
| Quote: | From a perl CGI application, I'd like to find the username of the
person
at the client computer.
Web applications can't get this information unless it's been explicitly
sent by the client computer. For instance, by a person entering
username and password into a login form. There's no way for a web
application to query such information by its own authority, and that's a
good thing.
Once the user sends his/her username and password, you can write code in
your CGI application using a module such as Authen::NTLM to authenticate
the user. You might also want to look at Apache::AuthenSMB as another
alternative.
|
Some six or so years ago, I looked into this with a Perl module that I
now can't remember the name of. When a client with an NT machine was
queried from the CGI app, I was able to determine the username - but not
that of 9x machines. At that time, because the company had many 9x
machines, the attempt was abandoned until now - I just can't remember what
module I used, or how I did it! : )
I guess there's always a chance that my memory is failing me, and I did it
through something like Apache::AuthenSMB, where they need to explicitly pass
a username and password. I'll have to play around some more and see what I
come up with.
steve |
|
| Back to top |
|
|
Bill Karwin
*nix forums beginner
Joined: 08 Apr 2005
Posts: 33
|
| Posted: Fri Feb 04, 2005 8:08 pm Post subject:
Re: Determine NT domain username of web client
|
|
|
Steve Wolfe wrote:
| Quote: | Some six or so years ago, I looked into this with a Perl module that I
now can't remember the name of. When a client with an NT machine was
queried from the CGI app, I was able to determine the username
|
There may be some non-portable ways of doing implicit authentication.
For instance, IIS has "Windows Integrated Authentication" but AFAIK it
only works if your web server is IIS *and* your web browser is MSIE.
See "How To Configure IIS Web Site Authentication in Windows Server 2003"
http://support.microsoft.com/default.aspx?kbid=324274&product=winsvr2003
Here's an Apache module that claims to support the same kind of
authentication in Apache, but it requires that the client use either
MSIE or Firefox with an appropriate plugin:
http://rc.vintela.com/topics/mod_auth_vas/
There are also single sign-on solutions that authenticate against NT
domain controllers. For example:
http://plone.org/documentation/howto/singlesignonwindowsdomains
All these solutions, and all other single sign-on solutions I've seen,
require some pretty heavy technical chops to deploy, usually involving
extensions to the web server software. I haven't seen a simple solution
that can be added casually to a single CGI Perl script.
Regards,
Bill K. |
|
| Back to top |
|
|
Big and Blue
*nix forums addict
Joined: 21 Feb 2005
Posts: 95
|
| Posted: Sat Feb 05, 2005 12:29 am Post subject:
Re: Determine NT domain username of web client
|
|
|
Steve Wolfe wrote:
| Quote: |
From a perl CGI application, I'd like to find the username of the person
at the client computer. All clients log in to a domain controller, so I
began looking at the various NTLM and SMB modules. I see various modules
such as Authen::NTLM which will attempt to authenticate if passed a username
and password, but I can't find any to simply discover the current username.
Am I missing something?
|
Well, you neglected to say which Web server was involved.
From follow ups looks like Apache.
So put in an authentication module (eg: Apache::NTLM or
Apache::AuthenSMB). The *server* runs this according to its config (or
your .htaccess file if the server config lets you). All you see is a
REMOTE_USER environment variable set to the authenticated username (and if
they fail authentication your CGI script won't even be started).
But that is a CGI question, not a Perl one.
--
Just because I've written it doesn't mean that
either you or I have to believe it. |
|
| Back to top |
|
|
Google
|
|
| Back to top |
|
|
|
|
The time now is Fri Jan 09, 2009 5:23 am | All times are GMT
|
|
Credit Card Consolidation | Loans | Bad Credit Credit Cards | Capital One Credit Cards | Problem Mortgage
|
|
Copyright © 2004-2005 DeniX Solutions SRL
|
|
|
|
Other DeniX Solutions sites:
Unix/Linux blog |
electronics forum |
medicine forum |
science forum |
|
|
Privacy Policy
|
Powered by phpBB © 2001, 2005 phpBB Group
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
Forum index
»
Programming
»
Perl
»
modules
