|
Posted by Steve Wolfe on February 3, 2005, 4:24 pm
Please log in for more thread options
From a perl CGI application, I'd like to find the username of the person
at the client computer. All clients log in to a domain controller, so I
began looking at the various NTLM and SMB modules. I see various modules
such as Authen::NTLM which will attempt to authenticate if passed a username
and password, but I can't find any to simply discover the current username.
Am I missing something?
steve
|
|
Posted by Bill Karwin on February 3, 2005, 4:06 pm
Please log in for more thread options
Steve Wolfe wrote:
> From a perl CGI application, I'd like to find the username of the person
> at the client computer.
Web applications can't get this information unless it's been explicitly
sent by the client computer. For instance, by a person entering
username and password into a login form. There's no way for a web
application to query such information by its own authority, and that's a
good thing.
Once the user sends his/her username and password, you can write code in
your CGI application using a module such as Authen::NTLM to authenticate
the user. You might also want to look at Apache::AuthenSMB as another
alternative.
Regards,
Bill K.
|
|
Posted by Steve Wolfe on February 4, 2005, 11:31 am
Please log in for more thread options > > From a perl CGI application, I'd like to find the username of the
person
> > at the client computer.
>
> Web applications can't get this information unless it's been explicitly
> sent by the client computer. For instance, by a person entering
> username and password into a login form. There's no way for a web
> application to query such information by its own authority, and that's a
> good thing.
>
> Once the user sends his/her username and password, you can write code in
> your CGI application using a module such as Authen::NTLM to authenticate
> the user. You might also want to look at Apache::AuthenSMB as another
> alternative.
Some six or so years ago, I looked into this with a Perl module that I
now can't remember the name of. When a client with an NT machine was
queried from the CGI app, I was able to determine the username - but not
that of 9x machines. At that time, because the company had many 9x
machines, the attempt was abandoned until now - I just can't remember what
module I used, or how I did it! : )
I guess there's always a chance that my memory is failing me, and I did it
through something like Apache::AuthenSMB, where they need to explicitly pass
a username and password. I'll have to play around some more and see what I
come up with.
steve
|
|
Posted by Bill Karwin on February 4, 2005, 2:08 pm
Please log in for more thread options Steve Wolfe wrote:
> Some six or so years ago, I looked into this with a Perl module that I
> now can't remember the name of. When a client with an NT machine was
> queried from the CGI app, I was able to determine the username
There may be some non-portable ways of doing implicit authentication.
For instance, IIS has "Windows Integrated Authentication" but AFAIK it
only works if your web server is IIS *and* your web browser is MSIE.
See "How To Configure IIS Web Site Authentication in Windows Server 2003"
http://support.microsoft.com/default.aspx?kbid=324274&product=winsvr2003
Here's an Apache module that claims to support the same kind of
authentication in Apache, but it requires that the client use either
MSIE or Firefox with an appropriate plugin:
http://rc.vintela.com/topics/mod_auth_vas/
There are also single sign-on solutions that authenticate against NT
domain controllers. For example:
http://plone.org/documentation/howto/singlesignonwindowsdomains
All these solutions, and all other single sign-on solutions I've seen,
require some pretty heavy technical chops to deploy, usually involving
extensions to the web server software. I haven't seen a simple solution
that can be added casually to a single CGI Perl script.
Regards,
Bill K.
|
|
Posted by Big and Blue on February 5, 2005, 2:29 am
Please log in for more thread options Steve Wolfe wrote:
>
> From a perl CGI application, I'd like to find the username of the person
> at the client computer. All clients log in to a domain controller, so I
> began looking at the various NTLM and SMB modules. I see various modules
> such as Authen::NTLM which will attempt to authenticate if passed a username
> and password, but I can't find any to simply discover the current username.
> Am I missing something?
Well, you neglected to say which Web server was involved.
From follow ups looks like Apache.
So put in an authentication module (eg: Apache::NTLM or
Apache::AuthenSMB). The *server* runs this according to its config (or
your .htaccess file if the server config lets you). All you see is a
REMOTE_USER environment variable set to the authenticated username (and if
they fail authentication your CGI script won't even be started).
But that is a CGI question, not a Perl one.
--
Just because I've written it doesn't mean that
either you or I have to believe it.
|
| Similar Threads | Posted | | Looking for module that will expands domain/username to email address | October 23, 2004, 12:56 am |
| subdomain.domain.tld regexp? | March 24, 2005, 6:58 am |
| checking userid and password against windows domain (Active directory) | June 9, 2005, 10:57 am |
| username passwd expect | September 14, 2006, 12:36 am |
| POE::Component::Client::TCP help! | February 7, 2005, 12:11 pm |
| Passing username and password using LWP::UserAgent | December 11, 2006, 4:40 am |
| soaplite server and .net client | September 14, 2006, 9:04 pm |
| Sockets - client unable to connect | May 1, 2006, 5:28 pm |
| beginner question on use of Frontier::Client | November 15, 2006, 10:52 am |
| Net::SSH::Perl dies during logon only when username is entered in stdin | November 5, 2004, 3:37 pm |
|
XML Sitemap