那么,故事是什么
我想在Apache中启用NTLM auth并且已经安装了ntlm库(mod_auth_ntlm),安装了必要的VS可再发行组件并将以下字符串放到httpd.conf
LoadModule auth_ntlm_module modules/mod_authn_ntlm.so
<Location /test >
AuthType NTLM
NTLMAuth on
NTLMAuthoritative on
NTLMOfferBasic off
<RequireAll>
<RequireAny>
Require valid-user
</RequireAny>
</RequireAll>
</Location>
启动phpinfo - 并且没有像REMOTE_USER这样的变量,但是ntlm库已成功加载
除了/ test文件夹外,Web服务器上的任何文件夹都可以访问 - 它只返回错误500 Apache error.log包含以下字符串:
[Wed Feb 24 14:54:46.231132 2016] [authn_core:error] [pid 668:tid 1776] [client 10.16.66.19:53872] AH01796: AuthType NTLM configured without corresponding module
那么,有什么收获?还有其他可能性吗?
答案 0 :(得分:0)
找到解决方案!
不过,它不是NTLM库,而是SSPI(mod-authn-sspi)
下载正确版本的SSPI库(如果是Apache 2.4,则应为mod_authnz_sspi)
解压缩并将.so文件放入Apache / modules目录
LoadModule authnz_sspi_module modules/mod_authnz_sspi.so
<Directory "/test">
AllowOverride None
Options None
Order allow,deny
Allow from all
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIDomain KL
Require valid-user
</Directory>
AuthName "authoriz"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
require valid-user
当然,您可以更改AuthName
<?php
$cred = explode('\\',$_SERVER['REMOTE_USER']);
if (count($cred) == 1) array_unshift($cred, "(no domain info - perhaps SSPIOmitDomain is On)");
list($domain, $user) = $cred;
echo "You appear to be user <B>$user</B><BR/>";
echo "logged into the Windows NT domain <B>$domain</B>";
?>
应该工作!