Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl: the Markov chain saw
 
PerlMonks  

Retrieve REMOTE_USER Cgi Env with mod_auth_sspi

by suzun30 (Acolyte)
on Apr 02, 2013 at 21:29 UTC ( #1026756=perlquestion: print w/ replies, xml ) Need Help??
suzun30 has asked for the wisdom of the Perl Monks concerning the following question:

Hi

I need to retrieve the username of the remote user accessing my intranet site. I have installed mod_auth_sspi.so and included it to the httpd.conf file in my apache2.2 server. I am trying to retrieve the username using $cgi->user_name() and $cgi->remote_user() and also checking in the ENV variable for REMOTE_USER and AUTH_USER. None returns it. I am not sure if my SSPI is functioning either. Does this method of authentication need mod_perl installed. I have got Active State perl v5.16 on Windows 2008 server. I don't see a active mod_perl build for this version of perl in activestate home. Appreciate any pointers. My code in my httpd.conf file is as follows.

<IfModule !mod_auth_sspi.c> LoadModule sspi_auth_module modules/mod_auth_sspi.so </IfModule> </Directory> <Directory "C:/Program Files (x86)/Apache Software Foundation/Apache2. +2/htdocs/TestWeb/"> <Files TestWeb.pl> Options FollowSymLinks Order allow,deny Allow from all AuthName "TestWeb" AuthType SSPI SSPIAuth On SSPIAuthoritative On SSPIOfferBasic on Require valid-user SSPIDomain ip or domainname </Files> </Directory>
Appreciate any inputs /pointers towards the solution. Thanks!!

Comment on Retrieve REMOTE_USER Cgi Env with mod_auth_sspi
Download Code
Re: Retrieve REMOTE_USER Cgi Env with mod_auth_sspi
by igelkott (Curate) on Apr 02, 2013 at 22:16 UTC

    If you're using IE to connect to your site, you need to make certain that your server is set to maximal trust before it will pass domain credentials.

    Not really a Perl answer but IE security is a bit "special" and may be the real problem.

      Hi, Thanks for the response. I have added my site's server to the intranet zone sites listed on IE settings. I believe that is usually meant to accept the site as a trusted site. Is there anyway to test that the SSPI authentication is kicked of atleast? I know this is not purely perl issue, but would like to know if this has nothing to do with it, if so! Lots of resources online referred to having mod_perl installed in this context and I could not find it for the 5.16v of perl. So looking to seek any pointers to get this working the perl way. Thanks again for your inputs. Appreciate it.
        Is there anyway to test that the SSPI authentication is kicked of atleast?

        Sure, require this authorization for a normal text/html file. When that works, mess up the credentials (eg, set the wrong SSPIDomain) and make certain that that doesn't work.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://1026756]
Approved by ww
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (12)
As of 2014-09-17 12:25 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    How do you remember the number of days in each month?











    Results (77 votes), past polls