Hi all,
Anybody out there doing much in the way of authentication for web access? I
don't just mean the htaccess stuff - I want to be able to authenticate
users putting requests through our internet web proxy (squid) and using PHP
based applications locally.
I do have programs written in C for squid redirection and PHP which use a
common database which expires 'sessions' after a period of inactivity.
Because I am using it for authentication on the proxy I can't rely on
information stored at the client end. The downside is that it requires the
user to log on again (although the PHP login page they get redirected to
calls an external C program which is linked to the PAM libs so that they
can be authenticated using an existing Samba / NT / Unix account).
I'd prefer if it were completely transparent though - i.e. not require the
user to log on but still to be authenticated for access. Given that they
should already have logged on to their workstation (most commonly Windows
9X, although a couple of 3.11 and Linux boxes) the obvious solution is to
authenticate on the basis of that session.
AFAICS there are 2 ways to do this - NTLM and ident.
NTLM is very Microsoft specific - but I can authenticate a MSWindows
against a unix account using Samba and its supported under squid. But what
about Netscape? Non MS-Windows clients?
If I use ident, I get the username associated with the current session on
the workstation, but how do I know that they were authenticated by a server
which I control? (I got a MSWindows identd from the SquidGuard site).
Anybody any ideas? Other solutions?
Colin
--------------------------------------------------------------------
http://www.lug.org.uk http://www.linuxportal.co.uk
http://www.linuxjob.co.uk http://www.linuxshop.co.uk
--------------------------------------------------------------------
