HTTP Authentication feature - patch proposed
In order to have automatic authentication without having to enter password, you can used the HTTP authentication : authentication is made by http server, and you can retreive login via $_SERVER['REMOTE_USER']. HTTP authentication can be made with those configuration IIS and NTLM integration (trivial) Apache and mod_auth_ntlm Apache2 and mod_auth_sspi The patch I proposed make 2 changes : In index.php, If $_SERVER['REMOTE_USER'] is not empty, then I redirect the user to login.php?login_name=<login> In login.php, I test at the beginning of the test series if http authentication is active (if I found a valid login in $_SERVER['REMOTE_USER']), then I retrieve all information needed. If I can't, then all the other test are made as initialy. My test is made before all other because $_POST['login_password'] is empty, and the following test try authenticate user against my active directory (tests failed because of the empty password). Because there is lots of test, and because my Active directory is configured to lock account after 5 failed test, I have rapidly some locked account.
#1 Updated by moyo about 15 years ago
- Status changed from New to Closed
Modification will not be integrated for the moment due to its specifity.
$_SERVER['REMOTE_USER'] may be used for others authentification and may cause trouble for others system.
Maybe something more generical may be integrated in the future.