Full SSO Authentication for Active Directory

I have a web page where I only need a specific group to log in.

I work at a college and we are using Active Directory accounts and only a certain group can access this PHP page (on the Apache server).

I know I can restrict access with some PHP code, but I want to sign in for free.

Everyone uses IE7 at work (which is configured to pass the correct credentials) and is required to log on to the computer (which registers them with a domain controller).

When the user goes to http://intranet, they will be automatically logged in since they previously logged in to their computer.

If the user goes to http://intranet.domain.com, it will ask them for their credentials.

I know that I need to use Kerberos for authentication and LDAP for authorization.

Has anyone had any success with full authentication?

+2




2 answers


There are commercial products that offer this as Apache modules; see the links at the end of the Wikipedia article on SPNEGO (e.g. A Guide to SPNEGO with Apache). I also know some PHP modules like php_krb5: php_krb5 beta / Negotiate auth with GSSAPI for PHP, or Apache modules like mod_auth_kerb. I've never used them myself, though.



In terms of going all 9 yards and implementing the negotiation protocol in PHP, I've implemented RFC 2617 in PHP for the HTTP auth digest in my life, and I've implemented the Windows SSPI authentication modules, but I've never tried to implement RFC 4559 in PHP. While the HTTP authentication part is pretty trivial, the opaque GSS-API part is tricky, even if you have a good GSS-API library at your disposal for RFC 2743.

+4
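As an added illustration (not part of the answer above, and not code from any of the modules it names), this sketch covers only the HTTP side of RFC 4559: it classifies the token in an `Authorization: Negotiate` header so you can see whether a client sent SPNEGO/Kerberos or fell back to raw NTLM. The function name `classifyNegotiateHeader` is hypothetical, the sample headers are constructed by hand, and token validation (the GSS-API part) is deliberately left out.

```php
<?php
// Added example: the HTTP side of RFC 4559 only.
// It classifies the client's token; it does NOT validate it. Validation is
// the GSS-API step, which needs a Kerberos library and the service keytab.

const OID_SPNEGO = "\x06\x06\x2b\x06\x01\x05\x05\x02";             // 1.3.6.1.5.5.2
const OID_KRB5   = "\x06\x09\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"; // 1.2.840.113554.1.2.2

// Hypothetical helper name; returns none|malformed|ntlm|spnego|kerberos|unknown.
function classifyNegotiateHeader(?string $header): string
{
    if ($header === null || !preg_match('~^Negotiate\s+(\S+)$~i', trim($header), $m)) {
        return 'none';       // nothing usable: answer 401 + "WWW-Authenticate: Negotiate"
    }
    $token = base64_decode($m[1], true);   // strict mode rejects non-base64 input
    if ($token === false || strlen($token) < 2) {
        return 'malformed';
    }
    if (strncmp($token, "NTLMSSP\0", 8) === 0) {
        return 'ntlm';       // raw NTLM message, so no Kerberos ticket was presented
    }
    if ($token[0] !== "\x60") {
        return 'unknown';    // not a GSS-API InitialContextToken ([APPLICATION 0])
    }
    // Skip the DER length: short form is one byte, long form is 0x80|n then n bytes.
    $len   = ord($token[1]);
    $oidAt = ($len & 0x80) ? 2 + ($len & 0x7f) : 2;
    if (substr($token, $oidAt, strlen(OID_SPNEGO)) === OID_SPNEGO) {
        return 'spnego';     // the wrapped mechanism may still be NTLM; GSS-API decides
    }
    if (substr($token, $oidAt, strlen(OID_KRB5)) === OID_KRB5) {
        return 'kerberos';
    }
    return 'unknown';
}

// Constructed sample headers (hand-built bytes, not captured traffic).
$samples = [
    'no header'  => null,
    'raw NTLM'   => 'Negotiate ' . base64_encode("NTLMSSP\0\x01\x00\x00\x00"),
    'SPNEGO'     => 'Negotiate ' . base64_encode("\x60\x08" . OID_SPNEGO),
    'raw krb5'   => 'Negotiate ' . base64_encode("\x60\x0b" . OID_KRB5),
    'not base64' => 'Negotiate !!!!',
];
foreach ($samples as $label => $header) {
    printf("%-10s => %s\n", $label, classifyNegotiateHeader($header));
}
```

Logging this classification per request, without logging the token itself, is a quick way to confirm which hostnames and clients actually negotiate Kerberos.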




This is because you need to add intranet.domain.local to the local intranet zone in IE. Read more in this article: http://www.sysadminlab.net/other/local-intranet-zone-in-ie8-exaplained-for-sysadmins



+3








