domain user

[louis]

Hi,

I've created an application in Perl but I have to build some security in it.
The application runs on a Linux-server with apache as web-server. The
Linux-server operates in an NT4-domain. The application is only vailable for
internal use (not on internet).
When the user starts his PC, he has to log on to the domain to get the
normal netwerk-facilities (mail, netwerkacces, ...)
Is there a way I can get this username (domain-user) to check who is asking
a web-page (executing of a perl script on the server). so I don't have to
ask the user a second time for a username and password and I create a single
sign-on.

thanks

Louis

 

[David K. Wall]

I've created an application in Perl but I have to build some
security in it. The application runs on a Linux-server with apache
as web-server. The Linux-server operates in an NT4-domain. The
application is only vailable for internal use (not on internet).
When the user starts his PC, he has to log on to the domain to get
the normal netwerk-facilities (mail, netwerkacces, ...)
Is there a way I can get this username (domain-user) to check who
is asking a web-page (executing of a perl script on the server).
so I don't have to ask the user a second time for a username and
password and I create a single sign-on.

Well, it really doesn't have much to do with Perl per se, but check
out the Windows NBTSTAT command. I know you're running on Linux, but
maybe you could use $ENV{REMOTE_ADDR} to get the IP address, send
that to a Windows server service or CGI program that returns the
userid?

I have to use a Windows machine as a web server, so I just run
NBTSTAT on the same machine and extract the userid from the output;
for example, something like

my $output = `NBTSTAT -A $ENV{REMOTE_ADDR}`;
my $userid;
if ($output =~ /some-regex/ ) {
$userid = $1;
}
else {
# didn't find a userid ...
}

....except that I have it in a module customized for my organization,
because machine names here always include the userid of the primary
user, so I use that as an alternate method.

I don't consider this very dependable, so I only use it to set a
default value in a form. The user can enter their password or stay
out -- after all, someone can always sneak into another person's
office and use their computer if it's left unguarded and unlocked.

 

[Ben Morrow]

I've created an application in Perl but I have to build some security in it.
The application runs on a Linux-server with apache as web-server. The
Linux-server operates in an NT4-domain. The application is only vailable for
internal use (not on internet).
When the user starts his PC, he has to log on to the domain to get the
normal netwerk-facilities (mail, netwerkacces, ...)
Is there a way I can get this username (domain-user) to check who is asking
a web-page (executing of a perl script on the server). so I don't have to
ask the user a second time for a username and password and I create a single
sign-on.

See http://modntlm.sourceforge.net/

Ben

 

[Bill]

Hi,

I've created an application in Perl but I have to build some security in it.
The application runs on a Linux-server with apache as web-server. The
Linux-server operates in an NT4-domain. The application is only vailable for
internal use (not on internet).
When the user starts his PC, he has to log on to the domain to get the
normal netwerk-facilities (mail, netwerkacces, ...)
Is there a way I can get this username (domain-user) to check who is asking
a web-page (executing of a perl script on the server). so I don't have to
ask the user a second time for a username and password and I create a single
sign-on.

There is a security issue here--do you want the user to be giving
arbitrary web servers even part of their internal network logon
information? I doubt it.

I suggest that you create a shared directory on the web server that
can be accessed as a network drive share and have the users access the
pages as drive-based web content, not http content. That way it is
possibly more secure, and the network login should allow the page
views.

Not that this has _anything_ to do with Perl.