I ended up using isapi_rewrite, but your mod_auth_kerb suggestion is illuminating and I&#39;ll keep it in mind as I approach production. Thanks all!<br><br>
<div class="gmail_quote">On Thu, Nov 18, 2010 at 8:27 AM, Andrey Moskvitin <span dir="ltr">&lt;<a href="mailto:archimag@gmail.com">archimag@gmail.com</a>&gt;</span> wrote:<br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>
<div></div>
<div class="h5">&gt; How can I discover windows domain login of the user accessing web app on<br>&gt; intranet? I run clozure cl on windows. Has anybody done this? I don&#39;t want<br>&gt; to authenticate because users are used to single sign-on and transparent<br>
&gt; access.<br><br></div></div>I use Hunchentoot + Apache + mod_auth_kerb for transparent authentication<br>of users. Here is a template config for Apache:<br><br>&lt;VirtualHost *:80&gt;<br>   ServerName myserver<br><br>
   RewriteEngine On<br>   RewriteCond %{LA-U:REMOTE_USER} (.+)<br>   RewriteRule . - [E=RU:%1]<br>   RequestHeader set REMOTE-USER %{RU}e<br><br>   ProxyPass / http://hunchentoot-server:port/<br><br>   &lt;Location /&gt;<br>
       AuthType  Kerberos<br>       KrbAuthRealms MYDOAIN<br>       KrbServiceName HTTP/myservicename<br>       Krb5Keytab /path/to/keytab<br><br>       require valid-user<br><br>       Allow from all<br>       Deny from all<br>
   &lt;/Location&gt;<br>&lt;/VirtualHost&gt;<br><br>See documentation on mod_auth_kerb for details.<br><br>Now the user login can be calculated as follows:<br><br>   (hunchentoot:header-in* :remote-user)<br><font color="#888888"><br>
<br>Andrey<br></font>
<div>
<div></div>
<div class="h5"><br>_______________________________________________<br>tbnl-devel site list<br><a href="mailto:tbnl-devel@common-lisp.net">tbnl-devel@common-lisp.net</a><br><a href="http://common-lisp.net/mailman/listinfo/tbnl-devel" target="_blank">http://common-lisp.net/mailman/listinfo/tbnl-devel</a><br>
</div></div></blockquote></div><br>