为Apache设置Windows身份验证 [英] Setting Up Windows Authentication for Apache

问题描述

开始，我已经在互联网上搜索了大约一个小时，试图找出如何成功解决问题的方法-因此，我正在写这个问题.

To begin, I've been searching the internet for about an hour trying to find out how to do this with no success - therefore I'm writing this question.

我有一个Intranet站点，该站点需要访问用户Windows用户名(不是运行Apache的服务器，而是访问Intranet站点的用户).

I have an intranet site that requires to access the users Windows Username (not the server running Apache, but a user accessing the intranet site).

我已经安装了adLDAP，并使其能够在该位置登录，以检查该用户所在的组.但是，为了使我的站点更安全，我希望它访问Windows用户名.

I have installed adLDAP and have it working where a user can log in by that, to check the group that the user is in. But, to have my site more secure I'd rather it access the Windows username.

我已经看到有一个名为mod_auth_sspi的apache模块，但是我找不到如何在我的代码中安装它甚至实现(使用)它的方法.

I've saw that there's an apache module called mod_auth_sspi but I could not find how to install it or even implement (use) it in my code.

我正在Windows Server 2008上使用Apache v2.4，PHP 5.6.8.

I am using Apache v2.4, PHP 5.6.8 on Windows Server 2008.

推荐答案

所以...在经过几个小时的谷歌搜索后，我发现了如何做的事情……寻找答案的确应该更加直接，但尽管如此，这里是:

So... I found out how to do this after a few more hours of Googling ... it should really be more straight forward to find an answer, but nevertheless, here it is:

1)为您的系统下载以下模块(32位64位): https://www.apachehaus.net/modules/mod_authnz_sspi/

1) Download the following module for your system (32 bit of 64 bit): https://www.apachehaus.net/modules/mod_authnz_sspi/

2)将文件粘贴到modules文件夹中. /apache/modules/

2) Paste the file into your modules folder. /apache/modules/

3)编辑以下配置文件:

3) Edit the following configuration files:

3.1)php/php.ini:取消注释extension=php_ldap.dll行.

3.1) php/php.ini: Uncomment extension=php_ldap.dll line.

3.2)apache/conf/httpd.ini:将以下内容添加到LoadModules部分的末尾:

3.2) apache/conf/httpd.ini: Add the following to the end of the LoadModules Section:

LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

3.3)找到<Directory标签，并删除开始和结束标签及其内容.然后粘贴以下内容:

3.3) Find the <Directory tag and delete the opening and closing tag, along with its contents. Then paste in the following:

<Directory /> 
Options None 
AllowOverride All 
Order allow,deny 
Allow from all 
AuthName intranet
AuthType SSPI 
SSPIAuth On 
SSPIAuthoritative On 
SSPIOfferBasic On 
SSPIOmitDomain On 
Require valid-user 
</Directory>

然后，重新启动Apache之后，一切都应该正常工作.通过<?php echo $_SERVER['PHP_AUTH_USER'] ?>

Then after restarting Apache, it all should work. Obtain the user name of the Windows user via <?php echo $_SERVER['PHP_AUTH_USER'] ?>

这篇关于为Apache设置Windows身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！