Its like any other authentication scheme, the user supplies the username and a password. Or does Apache2::AuthenNTLM somehow read the mind of the person on the other end of the network and determine their window's username? Not even windows can get a person username until they type it in to the login screen. Maybe what you are looking for is a single sign on solution. If so why didn't ask about that? I have used products from Quest http://www.quest.com/identity-management/ that handle Apache authentication with Window credentials but its not free or opensource.