Windows Integrated Authentication on Apache2

Source: Internet  Editor: 程序博客网  Time: 2024/05/22 14:47

Yesterday I posted this as a placeholder; today I am filling it in.


This time I chose AuthenNTLM as the integrated authentication tool for Apache2.


1. Install the Perl module needed to build and install AuthenNTLM (my OS is Ubuntu)
        aptitude install libapache2-mod-perl2

2. Download AuthenNTLM

http://search.cpan.org/~speeves/Apache-AuthenNTLM-2.10

The build process is the usual one:

make

make install


3.    Install

aptitude install libapache2-authenntlm-perl
 

4.    Edit the Apache configuration /etc/apache2/apache2.conf and enable KeepAlive (the NTLM handshake takes several requests on the same connection)

KeepAlive On

 

5.   Add the PDC to the hosts file (/etc/hosts) (reason: NTLM can only recognize domain names of no more than 16 bytes)

172.16.5.1      PDC01

6.    In /etc/apache2/sites-available/000-default add:


    Alias /iwa "/home/yangchun/yangchun_kss/iwa/"
    <Location "/iwa">
        # Enable the authentication module
        PerlAuthenHandler Apache2::AuthenNTLM

        # Do NTLM and basic authentication
        AuthType ntlm,basic

        # The name that should be displayed in the auth box if NTLM fails.
        # This will not succeed on our setup, where Apache is not configured to authenticate on its own.
        AuthName hengtiansoftcom

        # Ask for a valid user.
        require valid-user

        #                    domain      pdc         bdc
        # domain : your Windows domain
        # pdc    : Primary Domain Controller
        # bdc    : Backup Domain Controller
        #
        # Note: multiple domains can be specified.

        #PerlAddVar ntdomain  "OURDOMAIN  domainpdc domainsdc"
        PerlAddVar ntdomain  "Domain PDC01 PDC02"

        # What should be the default domain
        PerlSetVar defaultdomain Domain

        # The user names are in the form "OURDOMAIN\user_name". Let us split it.
        PerlSetVar splitdomainprefix 1

        # Set the debug variables
        PerlSetVar ntlmdebug 0

        # Not authoritative: if NTLM fails, pass the request on to other authentication modules
        PerlSetVar ntlmauthoritative off

    </Location>

7. Restart Apache; the REMOTE_USER variable is then available for authentication.
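
A consistency check for steps 4 to 6, as an added example that is not part of the original post or of AuthenNTLM: it reads the three files as text and reports where KeepAlive, the hosts entries and the ntdomain line disagree, and notes the Basic fallback. The function names and the sample strings are constructed for illustration; the 16-byte limit is the one stated in step 5.

```python
import re
MAX_NAME_BYTES = 16  # limit as stated in step 5 of this page

def _hosts_names(hosts_text):
    """Collect every hostname and alias listed in /etc/hosts style text."""
    names = set()
    for line in hosts_text.splitlines():
        # Drop comments; the first field is the IP address, the rest are names.
        names.update(n.lower() for n in line.split("#", 1)[0].split()[1:])
    return names

def check_ntlm_setup(apache_conf, site_conf, hosts_text):
    """Return a list of findings; an empty list means steps 4-6 agree."""
    findings = []
    # Step 4: the last KeepAlive directive wins and must be On.
    keepalive = re.findall(r"^\s*KeepAlive\s+(\S+)", apache_conf, re.I | re.M)
    if not keepalive or keepalive[-1].lower() != "on":
        findings.append("KeepAlive is not On")
    # Step 6: active (uncommented) ntdomain lines of the form "DOMAIN pdc [bdc]".
    entries = re.findall(r'^\s*PerlAddVar\s+ntdomain\s+"([^"]+)"', site_conf, re.I | re.M)
    if not entries:
        findings.append("no active PerlAddVar ntdomain line")
    known = _hosts_names(hosts_text)
    for entry in entries:
        domain, *controllers = entry.split()
        for name in [domain, *controllers]:
            if len(name.encode()) > MAX_NAME_BYTES:
                findings.append(f"{name}: longer than {MAX_NAME_BYTES} bytes")
        # Step 5: each controller named here should appear in the hosts file.
        for dc in controllers:
            if dc.lower() not in known:
                findings.append(f"{dc}: not in hosts file")
    # Basic fallback sends the password base64-encoded, so it needs TLS.
    auth = re.search(r"^\s*AuthType\s+(\S+)", site_conf, re.I | re.M)
    if auth and "basic" in auth.group(1).lower().split(","):
        findings.append("AuthType allows basic: serve this location over TLS")
    return findings

# Constructed sample inputs that mirror the values used on this page.
SAMPLE_APACHE = "KeepAlive On\n"
SAMPLE_HOSTS = "127.0.0.1 localhost\n172.16.5.1      PDC01\n"
SAMPLE_SITE = '''<Location "/iwa">
    AuthType ntlm,basic
    #PerlAddVar ntdomain  "OURDOMAIN  domainpdc domainsdc"
    PerlAddVar ntdomain  "Domain PDC01 PDC02"
</Location>
'''

if __name__ == "__main__":
    print("\n".join(check_ntlm_setup(SAMPLE_APACHE, SAMPLE_SITE, SAMPLE_HOSTS)))
```

With the page's own values the check reports that PDC02 is named as the backup controller but has no hosts entry, so it has to resolve some other way.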