[hunchentoot-devel] Windows domain login

How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.

Have you looked at the headers you receive? In case you receive any requests at all? I do remember that I once wrote a WebDAV server where I saw Windows clients trying to log in in a peculiar way, but I forgot the details.

On Wed, Nov 17, 2010 at 8:01 PM, Dmitri Pavlenkov <syntard@gmail.com> wrote:
> How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.
_______________________________________________ tbnl-devel site list tbnl-devel@common-lisp.net http://common-lisp.net/mailman/listinfo/tbnl-devel

You can get it from the %USERNAME% and %USERDOMAIN% environment variables using JavaScript. But modern browsers hide them to protect user privacy. I think the best way is to ask the user for the login and password (and maybe pass them to the DC for validation).

On Wed, Nov 17, 2010 at 10:01 PM, Dmitri Pavlenkov <syntard@gmail.com> wrote:
> How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.

> How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.

I use Hunchentoot + Apache + mod_auth_kerb for transparent authentication of users. Here is a template config for Apache:

    <VirtualHost *:80>
        ServerName myserver

        RewriteEngine On
        RewriteCond %{LA-U:REMOTE_USER} (.+)
        RewriteRule . - [E=RU:%1]
        RequestHeader set REMOTE-USER %{RU}e

        ProxyPass / http://hunchentoot-server:port/

        <Location />
            AuthType Kerberos
            KrbAuthRealms MYDOMAIN
            KrbServiceName HTTP/myservicename
            Krb5Keytab /path/to/keytab

            require valid-user

            Allow from all
            Deny from all
        </Location>
    </VirtualHost>

See documentation on mod_auth_kerb for details.

Now the user login can be calculated as follows:

    (hunchentoot:header-in* :remote-user)

Andrey
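
Added example, not part of the original thread or of Hunchentoot itself: the REMOTE-USER header set by the Apache configuration above can only be trusted when Hunchentoot is reachable solely through Apache, so this handler accepts it only from the proxy's address and checks the Kerberos realm. The proxy address, realm, URI and function names are assumptions, as is mod_auth_kerb reporting the principal as user@REALM.

```lisp
;;; Added example. Assumes Hunchentoot is loaded and Apache proxies from
;;; the same host; the address and realm below are constructed placeholders.
(defparameter *trusted-proxies* '("127.0.0.1")
  "Hypothetical: peers allowed to assert REMOTE-USER (the Apache front end).")

(defparameter *expected-realm* "EXAMPLE.COM"
  "Hypothetical Kerberos realm that users must belong to.")

(defun parse-principal (value)
  "Split \"user@REALM\" into (values user realm); NIL if malformed."
  (let ((at (and (stringp value) (position #\@ value))))
    (when (and at
               (plusp at)                     ; non-empty user part
               (< (1+ at) (length value))     ; non-empty realm part
               (= 1 (count #\@ value)))       ; exactly one separator
      (values (subseq value 0 at) (subseq value (1+ at))))))

(defun authenticated-user (peer header)
  "Return the login only if PEER is a trusted proxy and HEADER names a
principal in *EXPECTED-REALM*; otherwise NIL."
  (when (member peer *trusted-proxies* :test #'string=)
    (multiple-value-bind (user realm) (parse-principal header)
      (when (and user (string= realm *expected-realm*))
        user))))

(hunchentoot:define-easy-handler (whoami :uri "/whoami") ()
  ;; REMOTE-ADDR* is the TCP peer, i.e. Apache when the request was proxied.
  ;; A client connecting to Hunchentoot directly could send its own
  ;; REMOTE-USER header, so such requests are refused.
  (let ((user (authenticated-user (hunchentoot:remote-addr*)
                                  (hunchentoot:header-in* :remote-user))))
    (cond (user
           (setf (hunchentoot:content-type*) "text/plain")
           (format nil "Hello, ~A" user))
          (t
           (setf (hunchentoot:return-code*) hunchentoot:+http-forbidden+)
           "Forbidden"))))
```

Binding the Hunchentoot acceptor to the loopback interface, or firewalling its port so that only Apache can reach it, enforces the same trust boundary at the network level.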

I ended up using isapi_rewrite, but your mod_auth_kerb suggestion is illuminating and I'll keep it in mind as I approach production. Thanks all!

On Thu, Nov 18, 2010 at 8:27 AM, Andrey Moskvitin <archimag@gmail.com> wrote:
>> How can I discover windows domain login of the user accessing web app on intranet? I run clozure cl on windows. Has anybody done this? I don't want to authenticate because users are used to single sign-on and transparent access.
>
> I use Hunchentoot + Apache + mod_auth_kerb for transparent authentication of users. Here is a template config for Apache:
>
>     <VirtualHost *:80>
>         ServerName myserver
>
>         RewriteEngine On
>         RewriteCond %{LA-U:REMOTE_USER} (.+)
>         RewriteRule . - [E=RU:%1]
>         RequestHeader set REMOTE-USER %{RU}e
>
>         ProxyPass / http://hunchentoot-server:port/
>
>         <Location />
>             AuthType Kerberos
>             KrbAuthRealms MYDOMAIN
>             KrbServiceName HTTP/myservicename
>             Krb5Keytab /path/to/keytab
>
>             require valid-user
>
>             Allow from all
>             Deny from all
>         </Location>
>     </VirtualHost>
>
> See documentation on mod_auth_kerb for details.
>
> Now the user login can be calculated as follows:
>
>     (hunchentoot:header-in* :remote-user)
>
> Andrey

> I ended up using isapi_rewrite, but your mod_auth_kerb suggestion is illuminating and I'll keep it in mind as I approach production. Thanks all!

Oh, I thought that if you are using a server with Windows, then perhaps you may find it easier to use Apache with sspi_auth_module. I no longer use Windows, and completely forgot about this module.

Andrey

participants (4): Andrey Moskvitin, Blond BF, Dmitri Pavlenkov, Edi Weitz