Apache module mod_ntlm

Important notice

I don't have easy access to a computer (let alone a development machine) anymore, so unfortunately I cannot do any further work on this module.

Any emails I receive in connection with mod_ntlm or mod_auth_sspi will not be read. Sorry for any inconvenience caused.

Overview

Mod_ntlm is stable and no longer maintained - version 1.3 is the latest release, and no more are expected. mod_auth_sspi is the version of mod_ntlm for Apache-2.0.

Mod_ntlm is a module written for the Windows NT version of Apache. It allows Microsoft Internet Explorer (version 3 and up), and Windows clients that use the WININET API to authenticate using the NTLM authentication protocol. From the server's side, it allows an Apache/NT web server to use the existing NT security infrastructure.

Mod_ntlm does user access restrictions just like the rest of Apache. That is, you put a require directive into the appropriate .htaccess or <Directory> configuration section, and authentication will be performed.

Mod_ntlm is probably most useful in intranet situations. Authentication can happen transparently, using the user's current username and password. However, basic authentication is still supported - it is possible to authenticate against NT or a basic auth file.

Requirements

Mod_ntlm's requirements:

Microsoft Windows NT (server version if > 10 simultaneous network connections)
Apache 1.3.20 or above (~3M)

Additionally, to compile from source the following are required:

Microsoft Visual C++ version 6; or
Microsoft Visual C++ version 5 and the Win32 Platform SDK Build Environment (~10M)

Current version: 1.3

Cosmetic changes - the module's filename is now mod_ntlm.so, and has been recompiled with Apache 1.3.20 [1.3]
Version 1.1 didn't work at all. The bugfix for POSTing caused all requests with subrequests (the majority) to fail with a 400 Server Error. Another fix has been committed. [1.2]
The bug that stopped POSTing to forms on a keepalive connection has been fixed. [1.1]
User and group name checking is now case insensitive. [1.0]
Group names must now be qualified with a domain name, in the form DOMAIN\group. [0.6]
The code has been revisited and cleaned up in several areas. [0.5]
Problems with basic authentication against Windows NT domains other than the default should hopefully have been fixed in this release. [0.4]

Version 1.3 source code and binaries

Version 1.2 source code and binaries

More Information

This document was last updated Wednesday, 5 March 2003.