[TriLUG] PHP "trusted connection" w/ MSSQL (this is mostly a PHP question)

Jeremy Portzer jeremyp at pobox.com
Wed Dec 15 21:24:41 EST 2004 

David,

I think I see what you're after:  You want to be able to have
authenticated Windows users browse to your Linux/Apache/PHP page without
being challenged for their credentials, right?  (And/or get these
credentials passed along to SQL Server, if appropriate.)

I don't think this is possible with Apache, because IIRC, IE and IIS 
communicate this authentication data in some unique, 
non-standard-compliant way.  (Actually, I think the HTTP protocol allows 
for extentions of the authentication scheme beyond Basic Authentication, 
so it's not *totally* standards-breaking, but it's not something that 
other browsers and web servers would easily support IIRC.)  

I suppose it might be possible that someone has written an Apache module
that does this, but I don't know what it might be called, or how that
might interact with PHP.

Jeremy

On Wed, 15 Dec 2004, David McDowell wrote:

> I'm hoping I'm going to bump into someone who has done this, but so
> far, I seem to be one of the only nutcases around here doing it.  :)
> 
> Ok... here's the setup: LA(MSSQL)P on both FC1 and FC3 currently.  At
> this time I'm just working with the FC1 system for this.  There is
> supposedly such a thing called a "trusted connection" in Microsoft's
> world.  Those of us who work with Microsoft products all know this is
> more or less background authentication of sorts... sign in once, get
> authenticated everywhere.  Easiest example is to say, sign into your
> WinXP on a windows domain with AD, open Access Data Project as your
> front end app to MSSQL which has domain user accounts listed with
> certain roles and permissions defined in the database.  This means no
> permissions tables for the app, but defined roles, in other words,
> permission delegated by the database, not a permissions table and
> coding.  In all the above steps just mentioned, you only signed in
> once, but Access and MSSQL were able to authenticate you to do what
> you are allowed to.
> 
> Now, PHP with Apache on Linux isn't quite the same as PHP on that
> Microsoft web whatever unmentionable.  :)  I have mod_auth_ldap setup
> with Apache on Linux which authenticates users against the Microsoft
> AD without any problems.  Now PHP has $_SERVER('PHP_AUTH_USER') and
> $_SERVER('PHP_AUTH_PW') in which those values are defined after
> someone logs into the website.  I have run across a couple things such
> as mssql.secure_connection as something to be added to the php.ini
> that I found on this page: http://us2.php.net/mssql --- However, I
> fear this is only PHP on win32 platform.
> 
> If you are still with me and haven't scoff at MSSQL yet (I have but I
> have to use it), any ideas or suggestions from someone who might have
> this experience would be helpful!
> 
> thanks,
> David McD
> 

-- 
/---------------------------------------------------------------------\
| Jeremy Portzer        jeremyp at pobox.com      trilug.org/~jeremy     |
| GPG Fingerprint: 712D 77C7 AB2D 2130 989F  E135 6F9F F7BC CC1A 7B92 |
\---------------------------------------------------------------------/

More information about the TriLUG mailing list