I'm using mod_auth_sspi for the authentication. In this case I _do_ want Apache to impersonate the authenticated identity. We are authenticating internal domain users, and then need to serve pages according to what permissions they have. To make this work in IIS I click two checkboxes ... why is it so hard in Apache? Thanks, Tatham Oddie Fuel Advance - Ignite Your Idea www.fueladvance.com -----Original Message----- From: William A. Rowe, Jr. [mailto:wrowe@xxxxxxxxxxxxx] Sent: Tuesday, 13 December 2005 10:10 AM To: users@xxxxxxxxxxxxxxxx Subject: Re: [users@httpd] Windows ACL Wishes Web users != Local machine users. And in fact, it's somewhat dangerous to do so. That said, you might look up mod_auth_sspi. I found a reference over here; http://www.deadbeef.com/index.php/mod_auth_sspi Tatham Oddie (Fuel Advance) wrote: > Hi all, > > I'm trying to setup an Apache 2.0 server that just acts as a simple, > read-only, access-anywhere interface to some of our internal folders. > > We are running Apache 2.0.54 on a Windows Server 2003 machine, which is also > a domain controller. > > I have the virtual root working well. > I have the directory listings working well. > I have SSPI authentication against our Windows 2003 domain working well. > > However, Apache always accesses the folder from the account that is running > under rendering Windows ACLs useless. > > Is there any way that either: > > - the server can impersonate the authenticated user (like IIS can) > > Or > > - the server can check the Windows ACLs > > > Any help on this is greatly appreciated. Thank you in advance. > > > Thanks, > > Tatham Oddie > Fuel Advance - Ignite Your Idea > www.fueladvance.com > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > . > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|