Intranet website authentication using windows logon

Question

I'm building an internal website in Perl and I would like to get it to use Windows credentials for authentication. My research so far has turned up a lot of keywords: Kerberos, LDAP, NTLM, etc, but no solid information. Anyone got pointers or good tutorials?

Thanks.

Answer 1

Are your servers part of a Microsoft Active Directory?

• Active Directory is LDAP-compliant. Therefore, you can setup LDAP to authenticate your users

• Are you using Apache? If so, there is a module that allows you to authenticate to an Active Directory directory: mod_ auth_sspi

• Finally, Microsoft has created Active Directory Service Interfaces (ASDI) to solve these types of problems. There is a lot of information at MSDN. For example, this is how the open-source Hudson CI server authenticates to Active Directory.

I hope one of these suggestions help you.

Answer 2

We've been using Mod NTML for Apache. It fetches the windows credentials of the user logged in. But you're probably not interested in the SSO?

http://modntlm.sourceforge.net/

Answer 3

I've been looking into this topic myself. I'm still not sure what the right answer is because the topic is out of my domain of knowledge & experience. But here are some possibilities that I've come up with by searching the Internet:

An Apache LDAP module: http://httpd.apache.org/docs/2.0/mod/mod_auth_ldap.html

A Perl Module for Apache LDAP authentication: Apache2::AuthNetLDAP

NT authentication using an Apache Perl Module: Apache2::AuthenSmb

Using NIS for Apache user authentication: http://www.yolinux.com/TUTORIALS/LinuxTutorialApacheAddingLoginSiteProtection.html#NIS

An article describing ActiveDirectory authentication using Apache: http://www.le.ac.uk/cc/sh23/adldap.html

An open source ActiveDirectory solution from a business: http://www.likewise.com/

Answer 4

For Tomcat on Windows you can use Waffle, both SSO and form-based/basic/digest auth.