I previously worked at a bank, which had a really awesome feature in its intranet. When you logged in to your computer, there were global variables set in PHP through Apache, and they contained the identity of the user who was logged on to the PC. Now I am in a job, and I am wondering how this thing worked! I need to implement this kind of thing again.

What I am dealing with here:

  • FreeBSD server, version unknown to me.
  • Apache 2.2 web server
  • PHP 5, a custom build that, for a number of reasons, I cannot upgrade or modify.
  • MS AD
  • All the users logging on to their computers are using Active Directory, and all of them are in the same domain.

What I previously had was something similar to this:

echo $_SERVER['username'];

which would print the username of the user currently logged in.

Could someone explain how this could be done?

P.S. If some of my server configuration isn't what's needed, let me know, because I may soon have grounds to ask the bosses to give me one of my own, with more control.

There are many ways this can be implemented. However, many of them rely on having control of the client as well as the server.

Obvious sources of the data include:

  • NTLM
  • Client side certificates
  • The Ident protocol (not very secure without encryption extensions)
  • A long-lasting cookie (again, not secure)
  • HTTP authentication techniques

However, none of these explain how the value appeared in the session - this should have been implemented within the PHP code.

So without knowing how it was implemented at the previous site, we cannot tell you:

  • Whether or not this was secure and properly implemented
  • How you can replicate the behavior

Given your resource list, while it might be easy to implement authentication based on direct LDAP calls, passing the password through your application, I'd strongly recommend using (e.g.) OpenID - but restricting the providers to just your own OpenID provider - which can use the MS AD as the backend.

I didn't understand the question properly, so I edited my post...

You could use Apache auth; you can do auth by IPs or hostnames.

http://httpd.apache.org/paperwork/2./en/howto/auth.html
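
When Apache itself performs one of the HTTP authentication methods listed above, it passes the verified name to PHP as `$_SERVER['REMOTE_USER']`, which is the usual way a "global variable with the user's identity" shows up. The following is an added example, not code from the posts above: it reads only that server-set value and validates it. The function name, the accepted name formats and the `EXAMPLE` / `EXAMPLE.LOCAL` domains are assumptions.

```php
<?php
// Added example, not code from the original posts. Written for PHP 5.
// Assumption: Apache has already authenticated the request (NTLM or another
// HTTP authentication module), so it exports the verified name as REMOTE_USER.

/**
 * Return the authenticated account name (lower case), or null if the request
 * carries no acceptable server-verified identity.
 */
function authenticated_user(array $server, array $allowedDomains)
{
    // Trust only REMOTE_USER. $_SERVER['HTTP_*'] values are request headers
    // chosen by the client and must never be treated as an identity.
    if (!isset($server['REMOTE_USER']) || !is_string($server['REMOTE_USER'])) {
        return null;
    }
    $raw = $server['REMOTE_USER'];

    // Assumed formats: DOMAIN\user, user@REALM, or a plain user name.
    if (preg_match('/^([A-Za-z0-9.-]+)\\\\([A-Za-z0-9._-]{1,64})\z/', $raw, $m)) {
        list(, $domain, $user) = $m;
    } elseif (preg_match('/^([A-Za-z0-9._-]{1,64})@([A-Za-z0-9.-]+)\z/', $raw, $m)) {
        list(, $user, $domain) = $m;
    } elseif (preg_match('/^[A-Za-z0-9._-]{1,64}\z/', $raw)) {
        list($user, $domain) = array($raw, null);
    } else {
        return null; // unexpected characters: reject rather than sanitise
    }

    // If a domain is present it must be one we expect.
    if ($domain !== null && !in_array(strtoupper($domain), $allowedDomains, true)) {
        return null;
    }
    return strtolower($user);
}

// Constructed sample inputs (EXAMPLE / EXAMPLE.LOCAL are placeholder domains).
$allowed = array('EXAMPLE', 'EXAMPLE.LOCAL');
$samples = array(
    array('REMOTE_USER' => 'EXAMPLE\\jdoe'),
    array('REMOTE_USER' => 'jdoe@example.local'),
    array('REMOTE_USER' => 'OTHER\\jdoe'),
    array('HTTP_X_REMOTE_USER' => 'admin'),   // client-supplied header only
);
foreach ($samples as $s) {
    var_dump(authenticated_user($s, $allowed));
}
```

In a real page the call would be `authenticated_user($_SERVER, $allowed)`, and a `null` result should end the request rather than fall back to any other source of identity.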