You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Ed...@cec.eu.int on 2003/04/16 11:45:41 UTC
[users@httpd] Serving according to NTFS permissions
Hi all,
No environment defined, for the sake of simplicity I'd tend to try with a
Win32 server for this one, especially if NTLM is involved :
Let's say there are documents on the server, and NTFS permissions are set to
allow only specific users to each document. Does any of you know of any way
to have Apache enforce the permissions when serving content ?
1. Apache could rely on an LDAP / Active Directory authentication to
identify the user.
Yet, the way I see things, Apache process will need its own userid to be
able to access files but will not care to check if the remote user is
authorized.
2. I was wondering if the NTLM authentication might be more appropriate, but
I still can't figure how security would be enforced at a document level,
except through some server side cgi that would fulfill requests and do the
trick.
I don't expect any ready made solution on this one (unless ???), but any
hint is welcome to move things forward.
Thanks in advance,
ECB
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Serving according to NTFS permissions
Posted by "William A. Rowe, Jr." <wr...@rowe-clan.net>.
At 04:45 AM 4/16/2003, Eddy.COLLART@cec.eu.int wrote:
>Hi all,
>
>No environment defined, for the sake of simplicity I'd tend to try with a
>Win32 server for this one, especially if NTLM is involved :
>
>Let's say there are documents on the server, and NTFS permissions are set to
>allow only specific users to each document. Does any of you know of any way
>to have Apache enforce the permissions when serving content ?
>
>2. I was wondering if the NTLM authentication might be more appropriate, but
>I still can't figure how security would be enforced at a document level,
>except through some server side cgi that would fulfill requests and do the
>trick.
IIUC, mod_auth_sspi now lets you do user impersonation on Win32.
http://www.syneapps.com/software/mod_auth_sspi/
The module compiled for 2.0.42-.43 should load on any later version of 2.0,
but it appears Tim is busy with other things. I encourage you to try it though.
Bill
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org