I ended up using isapi_rewrite, but your mod_auth_kerb suggestion is illuminating and I'll keep it in mind as I approach production. Thanks all!
On Thu, Nov 18, 2010 at 8:27 AM, Andrey Moskvitin archimag@gmail.comwrote:
How can I discover windows domain login of the user accessing web app
on
intranet? I run clozure cl on windows. Has anybody done this? I don't
want
to authenticate because users are used to single sign-on and transparent access.
I use Hunchentoot + Apache + mod_auth_kerb for transparent authentication of users. Here is a template config for Apache:
<VirtualHost *:80> ServerName myserver
RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set REMOTE-USER %{RU}e
ProxyPass / http://hunchentoot-server:port/
<Location /> AuthType Kerberos KrbAuthRealms MYDOAIN KrbServiceName HTTP/myservicename Krb5Keytab /path/to/keytab
require valid-user Allow from all Deny from all</Location> </VirtualHost>
See documentation on mod_auth_kerb for details.
Now the user login can be calculated as follows:
(hunchentoot:header-in* :remote-user)
Andrey
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel