

Integrated authentication over Intranet -- Passwordless.

Posted on 2010-03-25
Medium Priority
Last Modified: 2013-11-10
Hi everyone, a bit of a strange situation here.

First, here's what the server/client situation looks like:
Server: The server is running Ubuntu, Apache, MySQL, and PHP. Access is LOCAL to its subnet only.
Client: While never exactly the same, they will be between versions of Windows 2000 -> Windows 7. Most of them will be using IE6 or later (there is a very small portion expected outside of IE use, nearly 0%, sad I know :( ). They are all connecting to a Windows domain via LDAP.

Anyway, what I need to do is find a way our client is able to automatically be logged into the system when they come back.

We can't always rely on IP of the client as they may have a dynamic IP configuration.
We can't set one cookie and forget about it forever, as often they have techs remote login and their list of processes to fix things is "First, clear the cookies." Meaning, we can't use cookies.

I looked into Integrated Windows Authentication, but it looks like users still need to type in a password (never mind the lack of support out there for running NTLM protocols on LAMP), so I don't believe this is a method either.

I also thought about having a Windows PowerShell or VBS/otherwise run as a LoginScript and query the server for a new cookie and set it on each login. The only problem I see with this is that I've now coded a backdoor into my otherwise secure system (which I really do not like).

Accepted Solution is whoever can provide me with a method that allows for someone to login by somehow joining the security from logging into their desktops (LDAP).

Question by: brian-jg

Author Comment

ID: 28680457
I'm starting to think this isn't possible without some form of VPN script on domain login and browser extension, or Java Applet. None of which are realistic for the project.
LVL 18

Expert Comment

ID: 30239635

Maybe this Apache mod can be of use? It generates tokens to keep track of users.
Ref: http://code.google.com/p/mod-auth-token/

Regards, Tobias

Author Comment

ID: 30640626
That's as secure as using something like ?token=43eaf9c5.

We would never be able to use something like that.
LVL 18

Accepted Solution

TobiasHolm earned 2000 total points
ID: 30649564
Then maybe you could use an Apache module that implements SPNEGO?
Ref: http://onlamp.com/pub/a/onlamp/2003/09/11/kerberos.html

Regards, Tobias
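
With SPNEGO over HTTP, the browser sends `Authorization: Negotiate <base64 GSS-API token>`, and a domain client that cannot obtain a Kerberos ticket sends an NTLM message in the same header instead. The following is an added example, not code from this thread or from any Apache module; it classifies the header so a failed passwordless login can be diagnosed, and the function names and sample tokens are constructed for the illustration.

```python
import base64

# DER content octets of the GSS-API mechanism OIDs.
OID_SPNEGO = bytes.fromhex("2b0601050502")        # 1.3.6.1.5.5.2
OID_KRB5 = bytes.fromhex("2a864886f712010202")    # 1.2.840.113554.1.2.2
NTLM_SIGNATURE = b"NTLMSSP\x00"

def _der_len(buf, pos):
    """Decode the DER length at buf[pos]; return (length, offset after it)."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    if not 1 <= n <= 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_authorization(value):
    """Return none, basic, ntlm, spnego, kerberos or malformed."""
    scheme, _, blob = (value or "").strip().partition(" ")
    if not scheme:
        return "none"
    if scheme.lower() == "basic":
        return "basic"             # a password is crossing the wire
    if scheme.lower() not in ("negotiate", "ntlm"):
        return "malformed"
    try:
        token = base64.b64decode(blob.strip(), validate=True)
        if token.startswith(NTLM_SIGNATURE):
            return "ntlm"          # client fell back from Kerberos
        # GSS-API initial token: 0x60 <len> 0x06 <oid-len> <mechanism OID> ...
        _, pos = _der_len(token, 1)
        if token[0] != 0x60 or token[pos] != 0x06:
            return "malformed"
        oid_len, pos = _der_len(token, pos + 1)
        oid = token[pos:pos + oid_len]
    except (ValueError, IndexError):   # bad base64, bad length, truncated
        return "malformed"
    return {OID_SPNEGO: "spnego", OID_KRB5: "kerberos"}.get(oid, "malformed")

def constructed_token(oid):
    """Build a minimal, constructed GSS-API token header (sample input)."""
    inner = b"\x06" + bytes([len(oid)]) + oid + b"\xa0\x00"
    return base64.b64encode(b"\x60" + bytes([len(inner)]) + inner).decode()

if __name__ == "__main__":
    ntlm = base64.b64encode(NTLM_SIGNATURE + b"\x01\x00\x00\x00").decode()
    for blob in (constructed_token(OID_SPNEGO), constructed_token(OID_KRB5), ntlm):
        print(classify_authorization("Negotiate " + blob))
```

An `ntlm` result on a Negotiate header means the client never presented a Kerberos ticket, so a Kerberos-only SPNEGO module has nothing it can validate.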

Author Closing Comment

ID: 31707072
This is something I hadn't thought of. I intend to just have LDAP run behind basic auth instead of using NTLM.

Question has a verified solution.