Hi, i use apache 2.4 on windows and i am trying to use the SSO on windows apache, using the mod_authnz_sspi, but the website apachehaus.net containing this mod is down, and there is no other link anywehere ?
i tried other mod, but none is working.
Anyone Can give me a link to this mod, or is there an other mod working for SSO ?
thanks a lot
x64 or x86
Quote from: Gregg on April 19, 2023, 02:08:56 AMx64 or x86
Ho ho, thanks, both if possible
Thanks a lot.
here's one
The other
Thanks a lot !! you will plz other people too :)
Thank you so much :)
Thanks a lot !
Quote from: Gregg on April 19, 2023, 09:13:55 PMThe other
Thank you Gregg for this great module. It's working perfectly... until I move my app under a Virtual Host. It seems SSPI is not working with virtual hosts (not trusted).
Could you please then tell me if this problem is occuring with the NTLM module as well.
And what is the main difference between the "SSPI" and the "SSPI NTLM based" modules?
SSPI is able do it in Kerberos as well (if no NTLM work) and the "SSPI NTLM based" one is only pure NTLM?
Thank you again.
Security Support Provider Interface (SSPI). SSPI is the implementation of the Generic Security Services API (GSSAPI) in Windows Server operating systems. For more information about GSSAPI, see the IETF RFC database in RFC 2743 and RFC 2744.
It is pure NTLM. No Kerberos. We never got Kerberos authentication working on Windows.
A working vhost example
<VirtualHost *:80>
ServerName some.domain.com
DocumentRoot "/some/path/local"
<Directory "/some/path/local">
Options my-options
AllowOverride AuthConfig my-other-overrides
# Require all granted
<IfModule authnz_sspi_module>
AuthName "SSPI Protected Place"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
# Should you need to force the login prompt, uncomment the next line
# SSPIBasicPreferred On
SSPIOfferSSPI On
SSPIOmitDomain On
<RequireAll>
<RequireAny>
Require valid-sspi-user
# Require valid-user
</RequireAny>
<RequireNone>
Require user "ANONYMOUS LOGON"
</RequireNone>
</RequireAll>
</IfModule>
</Directory>
</VirtualHost>
Quote from: mario on February 07, 2024, 09:10:51 AMIt is pure NTLM. No Kerberos. We never got Kerberos authentication working on Windows.
OK thanks for the info... in that case I can stop trying to get Kerberos working with the SSPI module :)
But at the end, should I use mod_authnz_sspi or rather mod_auth_ntml which seems to be 1 year newer?
I've already set up mod_authnz_sspi with no problems on my configuration (only the VirtualHost bothers me, but nothing serious) but I can change for NTML if needed.
Is there any difference behind?
For Apache 2.4 you have to use mod_authn_ntlm in this case. There is https://github.com/TQsoft-GmbH/mod_authn_ntlm with good documentation.
newer binaries than on GitHub can be found on our download page https://www.apachehaus.com/cgi-bin/download.plx
Quote from: mario on February 07, 2024, 09:10:51 AMIt is pure NTLM. No Kerberos. We never got Kerberos authentication working on Windows.
But, Why ? Windows can make kerberos auth (IIS) . Some Java web server too. (with a keytab)
I dont understand what is the problem to support this feature for windows
Quote from: oytoch on February 13, 2024, 09:54:49 PMBut, Why ? Windows can make kerberos auth (IIS) . Some Java web server too. (with a keytab)
I dont understand what is the problem to support this feature for windows
if you know how to feel free to contribute to httpd Apache it is Open Source.
It's not a criticism but a questioning. I'm not qualified to do it, but I wonder about it. Even if few people need it, it's still an important safety feature.
If i find something (one day) , I will come back here.