Friday, April 04, 2008

NTLM authentication in Apache

NTLM authentication is Microsoft's way to enable Windows users to transparently (i.e. without entering user name and password) authenticate to web sites. Apache can support this style of authentication too with mod_auth_ntlm_winbind. This module is developed as part of Samba. It is available in Fedora. More information on it can be found here: http://adldap.sourceforge.net/wiki/doku.php?id=mod_auth_ntlm_winbind, including the basic information on how to install and configure this module.

An important piece of information that I didn't see mentioned by any documentation and that I discovered the hard way is that Apache's KeepAlive directive should be on, otherwise NTLM authentication doesn't work. Unfortunately Fedora 7 default httpd.conf has "KeepAlive off" (don't know why). So, one has to turn it into "KeepAlive on" to use mod_auth_ntlm_winbind. With keep-alives turned on, it works great.

Post a Comment