[hunchentoot-devel] Windows domain login
Dmitri Pavlenkov
syntard at gmail.com
Thu Nov 18 14:15:34 UTC 2010
I ended up using isapi_rewrite, but your mod_auth_kerb suggestion is
illuminating and I'll keep it in mind as I approach production. Thanks all!
On Thu, Nov 18, 2010 at 8:27 AM, Andrey Moskvitin <archimag at gmail.com>wrote:
> > How can I discover windows domain login of the user accessing web app
> on
> > intranet? I run clozure cl on windows. Has anybody done this? I don't
> want
> > to authenticate because users are used to single sign-on and transparent
> > access.
>
> I use Hunchentoot + Apache + mod_auth_kerb for transparent authentication
> of users. Here is a template config for Apache:
>
> <VirtualHost *:80>
> ServerName myserver
>
> RewriteEngine On
> RewriteCond %{LA-U:REMOTE_USER} (.+)
> RewriteRule . - [E=RU:%1]
> RequestHeader set REMOTE-USER %{RU}e
>
> ProxyPass / http://hunchentoot-server:port/
>
> <Location />
> AuthType Kerberos
> KrbAuthRealms MYDOAIN
> KrbServiceName HTTP/myservicename
> Krb5Keytab /path/to/keytab
>
> require valid-user
>
> Allow from all
> Deny from all
> </Location>
> </VirtualHost>
>
> See documentation on mod_auth_kerb for details.
>
> Now the user login can be calculated as follows:
>
> (hunchentoot:header-in* :remote-user)
>
>
> Andrey
>
> _______________________________________________
> tbnl-devel site list
> tbnl-devel at common-lisp.net
> http://common-lisp.net/mailman/listinfo/tbnl-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mailman.common-lisp.net/pipermail/tbnl-devel/attachments/20101118/0b0758d3/attachment.html>
More information about the Tbnl-devel
mailing list