Page 1 of 1

kerberos authentication

Posted: Mon May 29, 2006 12:42 am
by sathish.hc
Hi all,

I configured kerberos authentication on my IIS. From this how to get remote user. $_SERVER['auth_user'] is not working.

Is there any other methods to get this.

Posted: Mon May 29, 2006 3:59 am
by rllqph
i think this will do.

$_SERVER['HTTP_REFERER']

if not please elaborate your problem. ^^

Posted: Mon May 29, 2006 4:45 am
by sathish.hc
I have PHP allication running on windows/IIS. I enabled Integreted windows authentication for single sign on.
ie as soon as user enter in to windows system I need to give access to my php application also. If I browse through IE $_SERVER['AUTH_USER'] will get me remote windows user but if I browse through other browsers it will prompt for user name and password. I want make this work in all browsers

Posted: Mon May 29, 2006 11:38 am
by timvw
If i'm not mistaken this 'feature' is an IE-only feature... According to http://www.kerio.com/manual/kwf/en/ch22s03.html the following should be possible too:
Netscape/Mozilla/Firefox/SeaMonkey configuration

Configuration can be changed to enable automatic NTLM authentication — leaving out the login dialog. To set this, follow this guidance:

1.

Insert about:config in the browser's address bar. The list of configuration parameters is displayed.
2.

Set corresponding configuration parameter(s) using the following instructions:
*

For direct connection (proxy server is not set in the browser):

Look up the network.automatic-ntlm-auth.trusted-uris parameter. Use the WinRoute host's name as a value for this parameter (e.g. server or server.company.com). This name must match the server name set under Configuration / Advanced Options / Web Interface (see chapter 11.1 Web Interface Parameters Configuration).

Note: It is not possible to use IP address as a value in this parameter!
*

If WinRoute proxy server is used:

Look up the network.automatic-ntlm-auth.allow-proxies parameter and set its value to true.

Configuration changes are applied right away, i.e. it is not necessary to restart the browser.