1

I'm trying to configure the mod_auth_sspi module on my Apache server. I've found a few example configurations, but I can't find any proper documentation. Does anyone know where I can find that?

Mathew Alden

1 Answer

0

I still haven't found any official documentation, but I did find this helpful write-up: https://beradrian.wordpress.com/tag/authentication/

Here's a copypaste in case the site 404s:

Now let's discuss the above configuration settings in a little bit more detail:

  • SSPIAuth – this will turn on/off the Windows authentication module
  • SSPIAuthoritative – this will turn on/off whether the Windows authentication is mandatory or whether other modules can be used as a fallback
  • SSPIDomain – the IP address or name of your Windows domain controller against which the authentication is run
  • SSPIOmitDomain – if it is On then the domain name is omitted from the user name; so if the user is DOMAIN\user, the user name for Apache and Subversion will actually be user and not DOMAIN\user.
  • SSPIUsernameCase – tells how the user name letter cases are converted. The possible values are lower and upper. If this is not specified then no conversion is made. If you specify lower (recommended) then the user name DOMAIN\User will be transformed to domain\user (if you also specify SSPIOmitDomain On, then the name will become user).
  • SSPIOfferBasic – SSPI by default uses NTLM, a Microsoft proprietary protocol which only IE (and other Windows components/applications) understand, so they are able to authenticate you automatically. Setting SSPIOfferBasic On means that it is still authenticating against your Windows domain on the backend, but when it asks the client for a password, it does so using standard HTTP Basic authentication. So if you plan to use clients other than IE with your Subversion repository, you must set this on, and the client will then prompt you for the domain name and password. This is definitely needed if you use TortoiseSVN.
  • SSPIBasicPreferred – if it is On then basic authentication will have higher priority
Mathew Alden
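
An added example, not part of the original answer or the quoted write-up: a small Python check that reads an Apache config and flags blocks where `SSPIOfferBasic On` is set without `SSLRequireSSL` in the same block (HTTP Basic sends the domain password only base64-encoded), or where `SSPIUsernameCase` is not the recommended `lower`. The sample config, its paths and the domain name `EXAMPLE` are constructed, and the check assumes TLS enforcement is not inherited from an enclosing scope.

```python
import re

# Constructed sample httpd.conf fragment; paths and domain are placeholders.
SAMPLE_CONF = r"""
<Location /svn-weak>
    AuthType SSPI
    SSPIAuth On
    SSPIDomain EXAMPLE
    SSPIOfferBasic On
</Location>
<Location /svn>
    SSLRequireSSL
    AuthType SSPI
    SSPIAuth On
    SSPIDomain EXAMPLE
    SSPIOmitDomain On
    SSPIUsernameCase lower
    SSPIOfferBasic On
</Location>
"""

def parse_sections(conf):
    """Map each <Location>/<Directory> path to {lowercased directive: value}."""
    sections, current = {}, None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<(?:Location|Directory)\s+([^>]+)>", line, re.I)
        if opened:
            current = sections.setdefault(opened.group(1).strip('"'), {})
        elif line.startswith("</"):
            current = None
        elif current is not None:
            name, *rest = line.split(None, 1)
            current[name.lower()] = rest[0].strip() if rest else ""
    return sections

def audit(conf):
    """Return sorted (section, finding) pairs for blocks that enable SSPIAuth."""
    findings = []
    for path, d in parse_sections(conf).items():
        if d.get("sspiauth", "").lower() != "on":
            continue  # block does not use mod_auth_sspi
        if d.get("sspiofferbasic", "").lower() == "on" and "sslrequiressl" not in d:
            findings.append((path, "SSPIOfferBasic On without SSLRequireSSL"))
        if d.get("sspiusernamecase", "").lower() != "lower":
            findings.append((path, "SSPIUsernameCase is not lower"))
    return sorted(findings)
```

Calling `audit(SAMPLE_CONF)` reports both findings for `/svn-weak` and nothing for `/svn`.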