Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Retrieve REMOTE_USER Cgi Env with mod_auth_sspi

by suzun30 (Acolyte)
on Apr 02, 2013 at 21:29 UTC ( #1026756=perlquestion: print w/replies, xml ) Need Help??
suzun30 has asked for the wisdom of the Perl Monks concerning the following question:


I need to retrieve the username of the remote user accessing my intranet site. I have installed and included it to the httpd.conf file in my apache2.2 server. I am trying to retrieve the username using $cgi->user_name() and $cgi->remote_user() and also checking in the ENV variable for REMOTE_USER and AUTH_USER. None returns it. I am not sure if my SSPI is functioning either. Does this method of authentication need mod_perl installed. I have got Active State perl v5.16 on Windows 2008 server. I don't see a active mod_perl build for this version of perl in activestate home. Appreciate any pointers. My code in my httpd.conf file is as follows.

<IfModule !mod_auth_sspi.c> LoadModule sspi_auth_module modules/ </IfModule> </Directory> <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2. +2/htdocs/TestWeb/"> <Files> Options FollowSymLinks Order allow,deny Allow from all AuthName "TestWeb" AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIOfferBasic on Require valid-user SSPIDomain ip or domainname </Files> </Directory>
Appreciate any inputs /pointers towards the solution. Thanks!!

Replies are listed 'Best First'.
Re: Retrieve REMOTE_USER Cgi Env with mod_auth_sspi
by igelkott (Priest) on Apr 02, 2013 at 22:16 UTC

    If you're using IE to connect to your site, you need to make certain that your server is set to maximal trust before it will pass domain credentials.

    Not really a Perl answer but IE security is a bit "special" and may be the real problem.

      Hi, Thanks for the response. I have added my site's server to the intranet zone sites listed on IE settings. I believe that is usually meant to accept the site as a trusted site. Is there anyway to test that the SSPI authentication is kicked of atleast? I know this is not purely perl issue, but would like to know if this has nothing to do with it, if so! Lots of resources online referred to having mod_perl installed in this context and I could not find it for the 5.16v of perl. So looking to seek any pointers to get this working the perl way. Thanks again for your inputs. Appreciate it.
        Is there anyway to test that the SSPI authentication is kicked of atleast?

        Sure, require this authorization for a normal text/html file. When that works, mess up the credentials (eg, set the wrong SSPIDomain) and make certain that that doesn't work.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1026756]
Approved by ww
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others pondering the Monastery: (3)
As of 2018-01-21 20:43 GMT
Find Nodes?
    Voting Booth?
    How did you see in the new year?

    Results (230 votes). Check out past polls.