kerberos authentication

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sathish.hc
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 2:55 am

kerberos authentication

Post by sathish.hc »

Hi all,

I configured kerberos authentication on my IIS. From this how to get remote user. $_SERVER['auth_user'] is not working.

Is there any other methods to get this.
rllqph
Forum Newbie
Posts: 2
Joined: Mon May 29, 2006 3:27 am

Post by rllqph »

i think this will do.

$_SERVER['HTTP_REFERER']

if not please elaborate your problem. ^^
sathish.hc
Forum Newbie
Posts: 15
Joined: Tue May 23, 2006 2:55 am

Post by sathish.hc »

I have PHP allication running on windows/IIS. I enabled Integreted windows authentication for single sign on.
ie as soon as user enter in to windows system I need to give access to my php application also. If I browse through IE $_SERVER['AUTH_USER'] will get me remote windows user but if I browse through other browsers it will prompt for user name and password. I want make this work in all browsers
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

If i'm not mistaken this 'feature' is an IE-only feature... According to http://www.kerio.com/manual/kwf/en/ch22s03.html the following should be possible too:
Netscape/Mozilla/Firefox/SeaMonkey configuration

Configuration can be changed to enable automatic NTLM authentication — leaving out the login dialog. To set this, follow this guidance:

1.

Insert about:config in the browser's address bar. The list of configuration parameters is displayed.
2.

Set corresponding configuration parameter(s) using the following instructions:
*

For direct connection (proxy server is not set in the browser):

Look up the network.automatic-ntlm-auth.trusted-uris parameter. Use the WinRoute host's name as a value for this parameter (e.g. server or server.company.com). This name must match the server name set under Configuration / Advanced Options / Web Interface (see chapter 11.1 Web Interface Parameters Configuration).

Note: It is not possible to use IP address as a value in this parameter!
*

If WinRoute proxy server is used:

Look up the network.automatic-ntlm-auth.allow-proxies parameter and set its value to true.

Configuration changes are applied right away, i.e. it is not necessary to restart the browser.
Post Reply