Gallardo, Lisa wrote:
[...]

When users are at work they do have IE set up as you stated above: the site is in the intranet security zone for automatic login and Allow Windows Integrated Authentication is checked. But when they are at home or away from the office they can also access by entering their user login and password. This is when the login prompts and it only prompts once then gives the error message if credentials are incorrect.


It's set up like this in my config:

AuthName "Password Required"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOmitDomain On
require group domain\domainuser

When outside the network is there a way to have apache use ldap instead?

Hi Lisa.
That is a very simple question, with a possibly very complex answer.
There are so many cases and so many configuration possibilities that it is not possible to give a simple answer yes or no.
It also involves the browsers as well as the server.

First of all, since we are talking about AAA, never provide the name or address of your webserver in this conversation. Or any names at all for that matter. We do not want all the world's hackers to start concentrating on your webserver, do we ?
Be especially careful when quoting parts of your configuration files.

Let me ask you a few questions, so that I don't start an answer that would be totally out of context :

a) Just to get an idea, how many users are we talking about, and is this a small/medium/large corporation ? Can you give some general idea, without being very precise or disclosing any confidential information ?

b) What is "outside" ? Are we talking "Internet Café", or people with a company laptop connecting from another location in the company ? How do the people from "outside" connect to your Apache web server or (maybe) your Intranet ? Is this a web server that is directly accessible on the Internet, or do the users first establish some kind of private connection through a VPN, a firewall, or something like that ?

c) What kind of information is on that Apache server ? Is this more or less public information, and you just want to know who is connecting, or is it private information that must absolutely be reserved for users who have a Domain user-id ?

d) Do all users use the same browser ?
When the users connect from home or from outside, is it from their own workstation/laptop (that they bought and set up themselves), or do they use a workstation or laptop supplied and configured by the company ?

This may look like a lot of questions, but what we are talking about here is Authentication and Access control. I would not want to start giving you tips that are not appropriate to the situation, and get you fired and/or both of us sued.


If this is uncommented will it work with sspi for outside the network? And will it prompt twice?
[...]

It's not so simple, unfortunately, and it could be very dangerous for your network. Try to give some general answers to the questions above, and then I'll see if I can provide real help in your case.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
