Pass Windows credentials

Hi everybody,
i'm trying to do an hard stuff.....
I want to create a PHP page where users can authenticate themselves passing their Windows (XP or 2000) logon credentials trasparently.
So, if i've made logon on my workstation with "username" and "password" i want to catch them and reuse to give them access.

This stuff will run on a Linux Slackware box with Apache 2.2.4 - PHP 5.2.4 and Samba 3.0.26a

Somebody can help me?!
Thanx a lot!

Simone Nanni
ICT Technician
A.O.U. Policlinico Tor Vergata
Viale Oxford, 81
00133 - Roma - RM - Italy

On 10/31/07, Simone Nanni <simone.nanni@ptvonline.it> wrote:
> Hi everybody,
> i'm trying to do an hard stuff.....
> I want to create a PHP page where users can authenticate themselves passing their Windows (XP or 2000) logon credentials trasparently.
> So, if i've made logon on my workstation with "username" and "password" i want to catch them and reuse to give them access.
>
> This stuff will run on a Linux Slackware box with Apache 2.2.4 - PHP 5.2.4 and Samba 3.0.26a
>
> Somebody can help me?!
> Thanx a lot!
>
> Simone Nanni
> ICT Technician
> A.O.U. Policlinico Tor Vergata
> Viale Oxford, 81
> 00133 - Roma - RM - Italy

Simone,

I believe Dan Shirah from the list did something like this a while
back. If you search the archives for his name, you should find some
threads that will help you out.

<hint>Maybe he'll even chime into this discussion.</hint>

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

Give a man a fish, he'll eat for a day. Then you'll find out he was
allergic and is hospitalized. See? No good deed goes unpunished....

[snip]
i'm trying to do an hard stuff.....
I want to create a PHP page where users can authenticate themselves
passing their Windows (XP or 2000) logon credentials trasparently.
So, if i've made logon on my workstation with "username" and "password"
i want to catch them and reuse to give them access.

This stuff will run on a Linux Slackware box with Apache 2.2.4 - PHP
5.2.4 and Samba 3.0.26a
[/snip]

The Holy Grail - Single sign on!

I have researched this for ages. While ASP has a way for you to capture
this PHP does not...at least not in any way that I have found. I have
looked at using JavaScript and several other methods but have not been
successful. It sure would make life much easier.

The server variable AUTH_USER contains the windows login name. If I rememebr
correctly, within IIS you need to have your website setup for windows
authentication. Otherwise you will only be pull the Anonymous access name
for your server.

I haven't worked much on Linux, so I don't know if there is an option to use
Windows Authentication or not.

You can echo it out like this:

<?php echo $_SERVER['AUTH_USER']; ?>

Hope that helps.


On 10/31/07, Simone Nanni <simone.nanni@ptvonline.it> wrote:
>
> Hi everybody,
> i'm trying to do an hard stuff.....
> I want to create a PHP page where users can authenticate themselves
> passing their Windows (XP or 2000) logon credentials trasparently.
> So, if i've made logon on my workstation with "username" and "password" i
> want to catch them and reuse to give them access.
>
> This stuff will run on a Linux Slackware box with Apache 2.2.4 - PHP 5.2.4and Samba
> 3.0.26a
>
> Somebody can help me?!
> Thanx a lot!
>
> Simone Nanni
> ICT Technician
> A.O.U. Policlinico Tor Vergata
> Viale Oxford, 81
> 00133 - Roma - RM - Italy

On Oct 31, 1:44 pm, simone.na...@ptvonline.it (Simone Nanni) wrote:
> Hi everybody,
> i'm trying to do an hard stuff.....
> I want to create a PHP page where users can authenticate themselves passing their Windows (XP or 2000) logon credentials trasparently.
> So, if i've made logon on my workstation with "username" and "password" i want to catch them and reuse to give them access.
>
> This stuff will run on a Linux Slackware box with Apache 2.2.4 - PHP 5.2.4 and Samba 3.0.26a
>
> Somebody can help me?!
> Thanx a lot!
>
> Simone Nanni
> ICT Technician
> A.O.U. Policlinico Tor Vergata
> Viale Oxford, 81
> 00133 - Roma - RM - Italy

Here's how you get it (change "domain_name" to whatever your Windows
domain is):

if(empty($_SERVER['PHP_AUTH_USER']) ||
empty($_SERVER['PHP_AUTH_PW']) ) {
header('WWW-Authenticate: Basic realm="domain_name"');
header('HTTP/1.0 401 Unauthorized');
die(); //if they hit cancel
}

Now $_SERVER['PHP_AUTH_USER'] will have the username and
$_SERVER['PHP_AUTH_PW'] will have the password.


If you want to check that against your domain controller you can do
this (change "domain_controller" and "domain_name" to whatever they
are):

if(($ldap = @ldap_connect('domain_controller', 389)) !== false) {
if(@ldap_bind($ldap, $_SERVER['PHP_AUTH_USER'] . '@domain_name',
$_SERVER['PHP_AUTH_PW']) !== false) {
//The username and password are legit
}
else {
//The username and password are bogus
header('WWW-Authenticate: Basic realm="domain_name"');
header('HTTP/1.0 401 Unauthorized');
die(); //if they hit cancel
}
}