What I'm trying to do:
Create a home page on our company's intranet that automatically grabs the logged-in Windows username of the person viewing the page without the person being prompted to enter these credentials when the page loads.
Currently, I just want it to grab the local username, since it'll be awhile before our IT guys get a domain setup. For example, right now I'd want it to capture the "(PC-Name)\windows.user.name" without any prompts.
Environment:
Apache 2.2.21 on Windows 7 x64 (will be on CentOS once it's in production).
PHP 5.3.8 (VC9-ZTS).
Internet Explorer 9.0.8x and Firefox 6.0.2 (will worry about Chrome later).
Current test page is just a PHP script calling print_r( $_SERVER ).
To keep things simple, the directory I'm testing this on is not a VirtualHost.
Steps I've taken thus far:
Downloaded mod_sspi_1.0.4-2.2.2 from SourceForge and extracted mod_auth_sspi.so to the Apache modules directory.
Added the module declaration:
LoadModule sspi_auth_module modules/mod_auth_sspi.so
Added the directory definition:
AllowOverride None Options None Order allow,deny Allow from all
AuthName "My Intranet" AuthType SSPI SSPIAuth On SSPIAuthoritative Off require valid-user
Enabled Integrated Authentication in Firefox by going to about:config and setting network.automatic-ntlm-auth.trusted-uris to the absolute URL path of the PHP script then restarted Firefox.
I haven't done the equivalent step in IE yet but I will once I get Firefox working as that's our primary supported browser internally.
Restarted Apache and attempted to load the test PHP script.
The result:
- In both IE and Firefox, I get prompted for a username and password before the page loads. I don't want that prompt. I want the username to be detected automatically without a prompt.
Troubleshooting thus far:
I've tried cycling through the various SSPI options, such as authritative on/off and whatnot. No effect.
Prompt no longer appears if I remove "require valid-user", but then the username is not passed, either (it isn't NULL; simply not set in the array period).
If I hit "Cancel" on the prompt, I get the standard "Authentication Required" page.
If I enter an invalid username, or the correct username but with the wrong password, the page will load but the username will be "(PC-Name)\Guest".
If I enter the correct username/password, then the username is displayed instead of Guest.
Once I enter a username/password in IE or Firefox, the browser remembers that username on subsequent page loads until I clear the stored passwords cache or restart the browser.
I've spent the last 3 or so hours Googling and random guessing. Zero success. I've found a few isolated forum posts of people asking this question, but either they went unanswered or offered solutions that I've already tried without success.
Again, what I want is for the page to load, WITHOUT any prompting, and display the currently logged-on Windows username in the $_SERVER array output.
As far as I can fathom, this is either: A Windows configuration issue, an Apache configuration issue, or a browser configuration issue. Other than that, I'm fresh out of ideas.
I would be very grateful for any help you can offer. Thanks!
--Kris