You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Fabrizio Reale <fa...@redomino.com> on 2007/11/09 11:17:18 UTC
[users@httpd] Re: Use NTLM only when needed
Hi Christian,
> On Tue, Nov 06, 2007 at 10:41:57PM +0100, Fabrizio Reale wrote:
>> I have a web application (Plone) which has its own authentication, but in
>> an intranet I set up the NTLM authentication using the mod_ntlm module.
>> It works very well when I am using a windows PC, but when I use my Linux
>> desktop I must login using the ugly NTLM popup window.
>> I would rather prefer to use the standard login of the web application.
>> So if I can perform the NTLM authentication the system should
>> authomatically log me, but if not I would like to see the application as
>> an anonimous user.
>>
>> Does any one know how to do that?
> I can think of a hack including mod_rewrite and possibly mod_security,
> but it means a potential breach of your security and is really
> complicated. Unless you absolutely have to (and "ugly popup" sounds
> annoying, but not really lethal) I would stick with the situation
> as is. If you really have to, then there are a lot of learning
> opportunities ahead. ;)
The ugly popup is shown before any page, so the user can not even know where
is going and it is not easy to write a password without viewing a page.
What hack do you suggest?
> However, I'd be happy to hear about Firefox on Linux being able to respond
> to NTLM by itself. Have not checked that in quite some time. And it
> would solve your problem too, I suppose.
No, because sometimes I am not in the intranet.
Thank you,
Fabrizio
--
Fabrizio Reale fabrizio.reale@redomino.com
Redomino S.r.l. Largo Valgioie 14 - 10146 Torino - Italy
Tel: +39 011 7499875 - Fax: +39 011 3716911 http://www.redomino.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org