3

I have a site set up to authenticate users using NTLM in Apache on Linux using Perl's Apache2::AuthenNTLM module. This works great when I require the authentication, but I want this to bypass the website's built-in login when the user can authenticate with NTLM and let them use the regular login if they can't. If users don't know their status, I think I need to make the NTLM authentication optional so that it is detected for users who have it, and everyone else sees the site as usual. I commented out 'require valid-user', but now the NTLM authentication isn't used at all. Is there a way to enable it without showing anything to users who don't authenticate?

This is the current htaccess:

```
PerlAuthenHandler Apache2::AuthenNTLM
AuthType ntlm
AuthName NTLMTest
#require valid-user
PerlAddVar ntdomain "DOMAIN ADMIN ADMIN2"
PerlSetVar defaultdomain DOMAIN
PerlSetVar splitdomainprefix 1
PerlSetVar ntlmdebug 0
PerlSetVar ntlmauthoritative off
```
crb
user29745

2 Answers

2

A common pattern (used by Moodle) is to have a single second page that requires NTLM authentication, and have a first page that decides whether or not to direct you to that second page (based on your IP range, user agent, etc).

crb
  • What if the trusted range of IP addresses has some computers that won't use NTLM, and you don't want to show an error message for them? – user29745 Dec 29 '09 at 15:44
  • The idea is the same - you have a "gatekeeper" of sorts that offers choices for authentication. If you NTLM protect a file/directory - it is all-or-nothing. – Goyuix Jan 03 '10 at 21:47
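The gatekeeper pattern from the answer above, sketched in Python as an added example (not code from the post, from Moodle, or from Apache2::AuthenNTLM): the first page routes each request either to the single NTLM-protected URL or to the regular login, and the NTLM page takes the identity only from the server. The network ranges, user-agent hint, URLs and cookie name are assumptions made for illustration.

```python
import ipaddress

# Assumed values for this sketch; none of them come from the original post.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.10.0/24")]
NTLM_UA_HINTS = ("Windows NT",)  # agents expected to answer an NTLM challenge
NTLM_PAGE = "/ntlm-login"        # the only URL that carries "require valid-user"
FORM_PAGE = "/login"             # the site's built-in login form
TRIED_COOKIE = "ntlm_tried"      # set on redirect, so a client is challenged once


def route_login(peer_addr, user_agent, cookies):
    """Return the URL the gatekeeper page should redirect this request to.

    peer_addr must be the TCP peer address seen by the server, not a
    client-supplied header such as X-Forwarded-For.
    """
    try:
        addr = ipaddress.ip_address(peer_addr)
    except ValueError:
        return FORM_PAGE  # unparseable address: never challenge
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d is matched as a.b.c.d
    in_range = any(addr in net for net in TRUSTED_NETS)
    likely_ntlm = any(hint in (user_agent or "") for hint in NTLM_UA_HINTS)
    already_tried = cookies.get(TRIED_COOKIE) == "1"
    if in_range and likely_ntlm and not already_tried:
        return NTLM_PAGE
    return FORM_PAGE


def session_user(environ):
    """On the NTLM-protected page: accept only the server-set identity.

    REMOTE_USER is filled in by the web server after authentication.
    Request headers arrive as HTTP_* keys and are ignored on purpose.
    """
    user = environ.get("REMOTE_USER", "")
    return user or None
```

The routing decision is only a hint about which login to offer; a session should be created from `session_user()` on the protected page and never from the gatekeeper's guess.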
1

I've had the same requirement for my intranet websites and built a sample solution based on crb's answer for Apache with NTLM and PHP: Optional NTLM authentication for a website on Apache with PHP