SSPI, Treat wrong credentials as anonymous user

Neil

6/27/24, 12:05 PM

I'm running apache 2.4 with xampp, and so far my sspi works well with mod_authnz_sspi.

I would like to accept all users, but get their name in $_SERVER['REMOTE_USER'] if they are in my active directory to display some more tabs.

I'm currenlty accepting both users that are in my active directory and anonymous users with Require valid-user, but if a user isn't in my AD, or enters wrong credentials, or is on a raspberry I would like to treat him as an anonymous user, but apache currently rejects the connection because of the 'Require valid-user'.

I tried adding Require all granted on the side, but it takes priority over Require valid-user, and I cant retrieve the $_SERVER['REMOTE_USER'] in php.

LoadModule authnz_sspi_module modules/mod_authnz_sspi.so

<Directory "C:/xampp/htdocs">
    Options Indexes FollowSymLinks Includes ExecCGI
    AllowOverride All

    Order allow,deny
    Allow from all
    AuthType SSPI
    SSPIDomain X.X.X.X
    SSPIAuth on
    SSPIOfferSSPI on
    SSPIAuthoritative on
    SSPIPerRequestAuth on
    SSPIOmitDomain on
    SSPIUsernameCase lower

    #Require all granted
    Require valid-user

</Directory>

Is it possible to retireve $_SERVER['REMOTE_USER'] while still accepting all connections ?

0 + 2

active-directory

authentication

httpd.conf

apache-2.4

Gabriel Luci

6/27/24, 5:08 PM

I've done something like this in .NET. You could probably replicate it. I just recently described how I did it to someone else in this answer: https://stackoverflow.com/a/76484330/1202807

Neil

6/28/24, 8:27 AM

I like the idea, not really needing a login page, but in my header sending an ajax request that may set a cookie if apache accepts the connection may work, Thanks ! (However it kinda feels like a hack and i cant imagine there is no clean way to do it with apache directives)

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: SSPI, Treat wrong credentials as anonymous user

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.