Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Retrieve REMOTE_USER Cgi Env with mod_auth_sspi

by suzun30 (Acolyte)
on Apr 02, 2013 at 21:29 UTC ( [id://1026756]=perlquestion: print w/replies, xml ) Need Help??

suzun30 has asked for the wisdom of the Perl Monks concerning the following question:

Hi

I need to retrieve the username of the remote user accessing my intranet site. I have installed mod_auth_sspi.so and included it to the httpd.conf file in my apache2.2 server. I am trying to retrieve the username using $cgi->user_name() and $cgi->remote_user() and also checking in the ENV variable for REMOTE_USER and AUTH_USER. None returns it. I am not sure if my SSPI is functioning either. Does this method of authentication need mod_perl installed. I have got Active State perl v5.16 on Windows 2008 server. I don't see a active mod_perl build for this version of perl in activestate home. Appreciate any pointers. My code in my httpd.conf file is as follows. 

<IfModule !mod_auth_sspi.c>
    LoadModule sspi_auth_module modules/mod_auth_sspi.so
</IfModule>

</Directory>
<Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2.
+2/htdocs/TestWeb/">
<Files TestWeb.pl>
Options FollowSymLinks
Order allow,deny
Allow from all
    
AuthName "TestWeb"
AuthType SSPI 
SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic on
Require valid-user 
SSPIDomain ip or domainname
</Files>
</Directory>

[download]
Appreciate any inputs /pointers towards the solution. Thanks!!

Replies are listed 'Best First'.
Re: Retrieve REMOTE_USER Cgi Env with mod_auth_sspi
by igelkott (Priest) on Apr 02, 2013 at 22:16 UTC

    If you're using IE to connect to your site, you need to make certain that your server is set to maximal trust before it will pass domain credentials.

    Not really a Perl answer but IE security is a bit "special" and may be the real problem.

[reply]
      Hi, Thanks for the response. I have added my site's server to the intranet zone sites listed on IE settings. I believe that is usually meant to accept the site as a trusted site. Is there anyway to test that the SSPI authentication is kicked of atleast? I know this is not purely perl issue, but would like to know if this has nothing to do with it, if so! Lots of resources online referred to having mod_perl installed in this context and I could not find it for the 5.16v of perl. So looking to seek any pointers to get this working the perl way. Thanks again for your inputs. Appreciate it.
[reply]
        Is there anyway to test that the SSPI authentication is kicked of atleast?

        Sure, require this authorization for a normal text/html file. When that works, mess up the credentials (eg, set the wrong SSPIDomain) and make certain that that doesn't work.

[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1026756]
Approved by ww
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others avoiding work at the Monastery: (9)
As of 2024-04-23 17:51 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found