How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.
Have you looked at the headers you receive? In case you receive any requests at all?
I do remember that I once wrote a WebDAV server where I saw Windows clients trying to log in in a peculiar way, but I forgot the details.
On Wed, Nov 17, 2010 at 8:01 PM, Dmitri Pavlenkov syntard@gmail.com wrote:
How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
You can get it from %USERNAME% and %USERDOMAIN% environment variables using Javascript. But modern browsers hide them to protect user privacy.
I think the best way is to ask user the login and password (and maybe pass them to DC for validation).
On Wed, Nov 17, 2010 at 10:01 PM, Dmitri Pavlenkov syntard@gmail.com wrote:
How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.
I use Hunchentoot + Apache + mod_auth_kerb for transparent authentication of users. Here is a template config for Apache:
<VirtualHost *:80> ServerName myserver
RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set REMOTE-USER %{RU}e
ProxyPass / http://hunchentoot-server:port/
<Location /> AuthType Kerberos KrbAuthRealms MYDOAIN KrbServiceName HTTP/myservicename Krb5Keytab /path/to/keytab
require valid-user
Allow from all Deny from all </Location> </VirtualHost>
See documentation on mod_auth_kerb for details.
Now the user login can be calculated as follows:
(hunchentoot:header-in* :remote-user)
Andrey
I ended up using isapi_rewrite, but your mod_auth_kerb suggestion is illuminating and I'll keep it in mind as I approach production. Thanks all!
On Thu, Nov 18, 2010 at 8:27 AM, Andrey Moskvitin archimag@gmail.comwrote:
How can I discover windows domain login of the user accessing web app
on
intranet? I run clozure cl on windows. Has anybody done this? I don't
want
to authenticate because users are used to single sign-on and transparent access.
I use Hunchentoot + Apache + mod_auth_kerb for transparent authentication of users. Here is a template config for Apache:
<VirtualHost *:80> ServerName myserver
RewriteEngine On RewriteCond %{LA-U:REMOTE_USER} (.+) RewriteRule . - [E=RU:%1] RequestHeader set REMOTE-USER %{RU}e
ProxyPass / http://hunchentoot-server:port/
<Location /> AuthType Kerberos KrbAuthRealms MYDOAIN KrbServiceName HTTP/myservicename Krb5Keytab /path/to/keytab
require valid-user Allow from all Deny from all</Location> </VirtualHost>
See documentation on mod_auth_kerb for details.
Now the user login can be calculated as follows:
(hunchentoot:header-in* :remote-user)
Andrey
tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel
I ended up using isapi_rewrite, but your mod_auth_kerb suggestion is illuminating and I'll keep it in mind as I approach production. Thanks all!
Oh, I thought that if you are using a server with Windows, then perhaps you may find it easier to use Apache with sspi_auth_module. I no longer use Windows, and completely forgot about this module.
Andrey
-
Andrey Moskvitin -
Blond BF -
Dmitri Pavlenkov -
Edi Weitz