Page 1 of 1

$_SERVER['REMOTE_USER'] doesnt return value

PostPosted: 16. January 2007 17:28
by psyper
Hi,

I'm trying to setup a company intranet using xampp on a local server. Rather than people having to login to two different usernames I thought it would be a good idea to get hold of their DOMAIN/username and use that to work out if they should have access to the site or not. but no matter what I do in php I cant seem to get remote_user to work!! I can use other $_SERVER variables such as HTTP_HOST and DOCUMENT_ROOT etc but not REMOTE_USER!!

What am i doing wrong?

PostPosted: 16. January 2007 17:44
by Wiedmann
There is only a value in "$_SERVER['REMOTE_USER']", if the user is authentificated throught Apache (e.g. mod_auth_basic)

PostPosted: 16. January 2007 17:47
by psyper
:oops: sorry.

Is there anyway to get the details from windows domain?

PostPosted: 16. January 2007 17:52
by Wiedmann
Is there anyway to get the details from windows domain?

In this case you must use mod_auth_sspi for the Apache authentication (NTLM auth).

PostPosted: 16. January 2007 18:43
by psyper
I found the add on: http://addons.xampp.org/cgi-bin/search.pl?pid=8

but im not sure if this is the correct one and its rather confusing it install

PostPosted: 16. January 2007 19:34
by Wiedmann
I found the add on: http://...

"mod_auth_sspi is included in the XAMPP package."

but im not sure if this is the correct one and its rather confusing it install


mod_auth_sspi readme wrote:Basic installation instructions:

1. Add the module to the server's config file.
Typically you'll do this by adding something like the following to your
httpd.conf:

LoadModule sspi_auth_module modules/mod_auth_sspi.so

Make it the last module loaded if you can.

2. Protect a directory or location.
You can put these directives inside the httpd.conf file, or inside .htaccess
files if AllowOverride AuthConfig is set.

<Directory "C:/SSPI">
AllowOverride None
Options None
Order allow,deny
Allow from all

AuthName "My Intranet"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On

require valid-user
</Directory>

3. If you plan to use Basic authentication, set the Apache service to run as
a valid local or domain user. Failure to do so will result in clients getting
400 Bad Request or 500 Internal Server Error responses.

==========

That's about it! A brief discussion of the other options (copied verbatim from
the source):

SSPIAuth - set to 'on' to activate SSPI authentication here
SSPIOfferSSPI - set to 'off' to allow access control to be passed
along to lower modules if the UserID is not known to
this module
SSPIAuthoritative - set to 'off' to allow access control to be passed
along to lower modules if the UserID is not known to
this module
SSPIOfferBasic - set to 'on' to allow the client to authenticate
against NT with 'Basic' authentication instead of
using the NTLM protocol
SSPIPackage - set to the name of the package you want to use to
authenticate users
SSPIDomain - set to the domain you want users authenticated
against for cleartext authentication - if not
specified, the local machine, then all trusted
domains are checked
SSPIBasicPreferred - set to 'on' if you want basic authentication to be
the higher priority
SSPIMSIE3Hack - set to 'on' if you expect MSIE 3 clients to be using
this server

The require directive can take the following forms (based on the old
mod_auth):

require valid-user # any valid user will do, useful for logging
# who accessed each file, for example
require user DOMAIN\Username # require a specific user
require group DOMAIN\Groupname # require a group member
require user "NT DOMAIN\User name"
# require a user with spaces in logon id