Logon_User from Apache under Win32

Anon

Hello all, I've got a good one for you 😉

Running Win2K professional, Apache, PHP

Is there ANY way to get the logon username?
apache doesn't provide it like IIS does, if I make a windows API call to getlogonuser from a php page it returns the system account that apache is running under, If I make a getenv call it returns the apache environment, not the windows environment 🙁
likewise with shell(), system(), and passthru()

I've been searching for a while now, tried all kinds of things..... can anyone brighten my week? even if it's an API call or reading a reliable registry key under HKEY_CURRENT_USER

ame12

Any reason you don't run PHP under IIS (CGI will work fine)? You're going to undergo a lot of pain for very little benefit trying to duplicate NT ACL (NTFS) support under Apache.

Dave

===========================================
http://badblue.com/helpphp.htm
Free small footprint web server for Windows

PHP, file-sharing, Access/Excel transcoding

Anon

I don't have control of the server software. I can administer it for the most part, but the decision on what server to run is made at a higher level than mine. also, it would require recoding quite a few existing pages that use apache-specific modules. we may have to continue to use a login page to identify the user on a per-session basis. I was just hoping to simplify things for the user by only requiring a single logon (to windows 2K) without an additional logon to the web server for our corporate intranet.
I don't need to duplicate NT ACL, just find a transparent method to simulate 1 piece of it. All sensitive / secure data has it's own security and login procedures, I just need an identifier for the user (rather than the machine) to set user preferences, etc. and yes, I have considered cookies 🙂
Due to our environment, both technical and political, cookies are considered a "Bad Thing®" here. <shrug>

hotgazpacho

IIS on Win2K Pro is limited to 10 concurrent connections, and with each visiting browser making 4-5 connections PER request, this limits you to 2 concurrent users.

Not a problem with Apache.

Apache also isn't susceptable to Visual Basic Script features, I mean viruses, for IIS.

As for the username thing, try

passthru("set")

and parsing the results for USERNAME.

Anon

You can use mod_NTLM for Apache to authenticate against an NT domain, and this will provide you with a username of the form DOMAIN\USERNAME.

Anon

I was e-mailed about this thread, and it is similar to one I posted back in February. Like Robb, I was trying to determine the username on a remote workstation. I've used mod_ntlm and it works fine for authentication, but that isn't actually the objective here.

As I understand it, the way mod_ntlm basically works is to pass the SID information from a remote workstation to a PDC/BDC, which does the decryption and authentication of the SID contents. The PDC/BDC then returns a result code to mod_ntlm, and based on that result code the user is either granted or denied access to the requested resource. So mod_ntlm never actually sees a plaintext username. 8(

We tried doing some funky stuff with uudecode to get the username out of the data that mod_ntlm hands off, and got to where we could actually see it most of the time. It was a pretty wild hack that we didn't want to put in a production environment, though, especially since it wasn't 100% reliable.

Having said all this, there could be something I've missed. So if anyone has found a way to obtain the username on a remote NT4/W2K machine and put it into a PHP variable (on a Unix/Apache server, mind you!), I'd love to hear about it. Thanks!

--Andy

pblamire

Once the user has successfully logged in, the username will be accessable from the Apache 'username' environment variable. The best way to do it, is log in once to a PHP page that starts a session, that way you don't end up continually authing against the PDC which will introduce time lags every time the user loads a page. BTW, the username will be of the form DOMAIN/USERNAME so be ready to strip out the domain info if you want to use the username to check against a DB field.

Cheers

Paul

Anon

Hi there,

I have been trying to get hold of a copy of mod_ntlm as mentioned in this thread to do exactly what has been mention on Apache/PHP on Win2K.

I cannot locate the actual mod_ntlm however, can someone please tell me where to find it.. I have tried apache.org, sourceforge and the old search engines to no joy.

Thanks in advance.

Rob

Anon

I believe you want to refer to this:

http://www.syneapps.com/software/mod_ntlm/

You can then refer to the REMOTE_USER session var.

Anon

I'm trying to get mod_ntlm working now, but a trick I've been using for some time is to redirect to a short script on an IIS system that retrieves the login username, encodes it, and then redirects it back to the linux/apache/php system where the username is set as a session variable. This way I only ping the IIS system once at the beginning of a session. It works fine other than I have to rely on a NT server for authentication and since the NT server seems to fail about once a month or so ...