
I'm running Apache 2.4 with XAMPP, and so far my SSPI works well with mod_authnz_sspi.

I would like to accept all users, but get their name in $_SERVER['REMOTE_USER'] if they are in my Active Directory, to display some more tabs.

I'm currently accepting both users that are in my Active Directory and anonymous users with Require valid-user, but if a user isn't in my AD, or enters wrong credentials, or is on a Raspberry, I would like to treat him as an anonymous user. Apache currently rejects the connection because of the 'Require valid-user'.

I tried adding Require all granted on the side, but it takes priority over Require valid-user, and I can't retrieve the $_SERVER['REMOTE_USER'] in PHP.

LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

<Directory "C:/xampp/htdocs">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All

    Order allow,deny
    Allow from all
    AuthType SSPI
    SSPIDomain X.X.X.X
    SSPIAuth on
    SSPIOfferSSPI on
    SSPIAuthoritative on
    SSPIPerRequestAuth on
    SSPIOmitDomain on
    SSPIUsernameCase lower

    #Require all granted
    Require valid-user

</Directory>

Is it possible to retrieve $_SERVER['REMOTE_USER'] while still accepting all connections?

Neil
  • I've done something like this in .NET. You could probably replicate it. I just recently described how I did it to someone else in this answer: https://stackoverflow.com/a/76484330/1202807 – Gabriel Luci Jun 27 '23 at 17:08
  • I like the idea, not really needing a login page, but in my header sending an ajax request that may set a cookie if Apache accepts the connection may work. Thanks! (However, it kinda feels like a hack and I can't imagine there is no clean way to do it with Apache directives.) – Neil Jun 28 '23 at 08:27
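
One way to lay out the approach discussed in the comments, as an added example that is not part of the original thread: the site stays open to everyone and only a small probe path requires SSPI. The `sso` directory and `whoami.php` are assumed names; the SSPI directives are copied unchanged from the question's configuration.

```apache
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

# Public site: no authentication is attempted here, so nobody is
# rejected and REMOTE_USER is not set for these requests.
<Directory "C:/xampp/htdocs">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All
    Require all granted
</Directory>

# Hypothetical sub-directory holding only the probe script (whoami.php).
# With the default "AuthMerging Off", the Require below replaces the
# parent's "Require all granted" for this path only.
<Directory "C:/xampp/htdocs/sso">
    # Keep a stray .htaccess from relaxing the authentication rules.
    AllowOverride None

    AuthType SSPI
    SSPIDomain X.X.X.X
    SSPIAuth on
    SSPIOfferSSPI on
    SSPIAuthoritative on
    SSPIPerRequestAuth on
    SSPIOmitDomain on
    SSPIUsernameCase lower

    # Only requests that authenticate against AD reach whoami.php;
    # everyone else gets a 401 here and simply stays anonymous on the site.
    Require valid-user
</Directory>
```

The probe script would copy `$_SERVER['REMOTE_USER']` into the server-side PHP session, and the public pages would read the name from that session. Storing the name in a cookie the browser can edit would let any visitor claim an AD identity, so the value has to stay on the server.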

0 Answers