Thursday, January 7, 2010

Re: [fw-auth] How to bring NTLM Support to ZF

We've implemented NTLM authentication using this module.

Works great. Apache takes care of the NTLM part, and by the time Zend_Auth runs - there is already an authenticated username in the environment (or 403 to the user).

Works in IE (with default security settings if site is in "local intranet" or "trusted zone") and Firefox (if domain is added to network.automatic-ntlm-auth.trusted-uris in about:config). Other browsers show username/password prompt, but if you enter username/pass for AD - authenticates without any problems.

--
Best Regards,
Sergey Syrota


On Thu, Jan 7, 2010 at 9:16 AM, Michael B Allen <ioplex@gmail.com> wrote:
On Thu, Jan 7, 2010 at 8:56 AM, Cornelius Weiss <c.weiss@metaways.de> wrote:
> Hi,
> I need to implement NTLM auth support. NTLM is a kind of HTTP
> Authentication, so imho it belongs somewhere into the scope of the
> Zend_Auth_Http Adapter.
> Reading the code of Zend_Auth_Http, I realised that I can't add NTLM
> support without changing the Zend_Auth_Http class.
> So please advise which way to go:
> - Let Basic and Digest also be extra classes -> having Zend_Auth_Http_Basic
> / ... or
> - Have Basic and Digest in the Http base class and implement a plugin
> structure for others

Hi Cornelius,

Note that any solution would have to implement NTLMv2. Virtually all
of the existing NTLM solutions out there with the exception of a few
like our stuff and Samba's do not do NTLMv2 - they do the lowly,
insecure and now obsolete NTLMv1. Authenticating clients using NTLMv2
requires doing MSRPC with SecureChannel which is to say it is probably
something you do not want to mess with.

Mike

--
Michael B Allen
PHP Active Directory Integration
http://www.ioplex.com/plexcel.html
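
The setup described in the first reply (Apache performs NTLM, the application only reads the resulting username) can be wired into Zend_Auth with a small adapter. This is an added example, not code from the thread or from Zend Framework: the class name `Example_Auth_Adapter_RemoteUser`, the `DOMAIN\user` format of `REMOTE_USER`, the `AUTH_TYPE` value `NTLM` and the domain `EXAMPLE` are assumptions that depend on the Apache module and its configuration.

```php
<?php
// Added example; assumes Zend Framework 1 is on the include path.
require_once 'Zend/Auth/Adapter/Interface.php';
require_once 'Zend/Auth/Result.php';

class Example_Auth_Adapter_RemoteUser implements Zend_Auth_Adapter_Interface
{
    private $_server;
    private $_domain;
    private $_authType;

    // $authType default is an assumption; use whatever your Apache module reports.
    public function __construct(array $server, $domain, $authType = 'NTLM')
    {
        $this->_server   = $server;
        $this->_domain   = strtoupper($domain);
        $this->_authType = $authType;
    }

    public function authenticate()
    {
        // Read only variables the web server sets. Never fall back to
        // client-controlled request headers (HTTP_* keys) for the identity.
        $user = isset($this->_server['REMOTE_USER']) ? $this->_server['REMOTE_USER'] : '';
        $type = isset($this->_server['AUTH_TYPE']) ? $this->_server['AUTH_TYPE'] : '';
        if ($user === '' || strcasecmp($type, $this->_authType) !== 0) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_IDENTITY_NOT_FOUND,
                null, array('No server-side authenticated user'));
        }
        // Assumed format DOMAIN\user; reject anything else instead of guessing.
        if (!preg_match('/^([A-Za-z0-9._-]{1,64})\\\\([A-Za-z0-9._$-]{1,64})$/', $user, $m)) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE_UNCATEGORIZED,
                null, array('Unexpected REMOTE_USER format'));
        }
        // Accept only the expected AD domain, so a local or foreign-domain
        // account with the same short name is not treated as the same user.
        if (strtoupper($m[1]) !== $this->_domain) {
            return new Zend_Auth_Result(Zend_Auth_Result::FAILURE,
                null, array('Domain not allowed'));
        }
        return new Zend_Auth_Result(Zend_Auth_Result::SUCCESS, strtolower($m[2]));
    }
}

// Constructed sample input standing in for $_SERVER.
$sample = array('REMOTE_USER' => 'EXAMPLE\\jdoe', 'AUTH_TYPE' => 'NTLM');
$adapter = new Example_Auth_Adapter_RemoteUser($sample, 'EXAMPLE');
$result = $adapter->authenticate();
var_dump($result->isValid(), $result->getIdentity());
```

In the application, pass `$_SERVER` instead of the sample array and hand the adapter to `Zend_Auth::getInstance()->authenticate()`. The adapter is only as trustworthy as the Apache configuration in front of it, so the protected location must require authentication for every request that reaches PHP.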

