Apache 2.0 module mod_auth_sspi

Important notice

I don't have easy access to a computer (let alone a development machine) anymore, so unfortunately I cannot do any further work on this module.

Any emails I receive in connection with mod_auth_sspi or mod_ntlm will not be read. Sorry for any inconvenience caused.

Overview

mod_auth_sspi is the successor to mod_ntlm.

The current release works with Apache 2.0.40 and later releases.

mod_auth_sspi is a module written for the Windows NT/2000 version of Apache. It allows Microsoft Internet Explorer (version 3 and up), and Windows clients that use the WININET API to authenticate using any of the authentication protocols built into the Windows Security Support Provider Interface (SSPI). It allows an Apache/NT web server administrator to use the existing NT security infrastructure to authenticate users.

Mod_auth_sspi processes user access restrictions just like the rest of Apache. That is, you put a require directive into the appropriate .htaccess or <Directory> configuration section, and authentication will be performed.

Mod_auth_sspi is probably most useful in intranets. Authentication can happen transparently, using the user's current username and password - however, basic authentication is still supported.

Requirements

mod_auth_sspi's requirements:

Microsoft Windows NT or 2000 (server version if > 10 simultaneous network connections)
Apache 2.0.42 (~4M)

Additionally, to compile from source Microsoft Visual C++ version 6 is required.

Current version: 1.0.4

Created separate binary and source distributions [1.0.1]
Corrected a problem where clients using basic authentication would be denied access to a resource if they had entered their credentials incorrectly on the same connection [1.0.0]
Added more detailed error messages for authentication failures, including reasons for Windows API failures [1.0.0]
Added version information to the binary [0.9]
Added documentation on how to debug the module [0.9]
Finally fixed a bug where mod_auth_sspi incorrectly sent Proxy-Authenticate: headers for content that was reverse-proxied, instead of WWW-Authenticate: headers [0.8]
Updated to compile and run with Apache 2.0.39 [0.7]

Binaries for Apache 2.0.58 and 2.2.2

This document was last updated Tuesday, 19 December 2006.