NT authentication via PHP on linux

gblake

(are you scared yet?)

Okay. So I was thinking about this project I'm working on. I'm running apache+php under linux, but all of our users are NT people. I was thinking that it would be really neat to be able to have them log in and authenticate them via the NT domain they are a part of.

Has anyone run into anything that could do this? I'm thinking maybe there might be some utility that is part of samba that I might be able to exec, but I don't really know samba that well.

Anyone have any ideas?
Gregory

jbloom

You could use smbclient to try to access a known NT service using a user-supplied username and password:

<?php

$servicename = "//server/share";
$username = "pduser";
$password = "userpass";

exec("/usr/bin/smbclient '$servicename' '$password' -U '$username' -c exit", $dummy, $loginfail);

if ($loginfail)
echo "Login failed";

If the user is privileged to access the specified servicename, the login should work. Otherwise it should fail with $loginfail<>0.

Note that if the user is supplying a password to a Web page not via SSL, you've got unencrypted passwords floating around -- a packet sniffer's heaven. It's best to think through the security implications before doing anything like this.