Getting the logged-on Windows user in your Apache server

I was recently involved in a discussion where a company was developing an intranet site using Apache and PHP on a Windows server. All clients were Windows machines, and the company wanted to know who was connecting to the intranet site (only accessible inside the company firewall). They also wanted an SSO (single sign-on) experience for the users. They refused to switch to IIS and use integrated Windows authentication.

They did not really want to authenticate users, just get a hint of who was connecting, so faking an NTLM authentication request and then parsing the data would be enough. The script for doing so is pretty easy too. Here is one script I copied from here.

Note that this is nothing you can use to authenticate users, since there is no authentication taking place. With a standard browser installation the user will be prompted for a user name and password and can write anything. The script just prints whatever is sent by the user. There is also no SSO feel to this. To get the SSO feel you have to do one of two things: either the user must add the site using this script to his "Trusted Intra-net sites" in IE, which is done via Tools-Internet Options-Security, or the company can add a group policy in Active Directory enforcing this. For a situation like the described intranet site, the latter is obviously the best solution.
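The parsing step described above, as an added PHP example (not the script the post refers to): it decodes the domain, user and workstation fields of an NTLM Type 3 message and marks them as unverified, because the response hash is never checked. The function names `ntlm_field`, `ntlm_claimed_identity` and `build_sample` are hypothetical, the sample message is constructed, and PHP 7.4+ with the mbstring extension is assumed.

```php
<?php
// Added example: every value returned here is client-asserted, nothing is verified.

// Read one security buffer (uint16 length, uint16 allocated, uint32 offset; little-endian).
function ntlm_field(string $msg, int $pos, bool $unicode): string
{
    $buf = unpack('vlen/valloc/Voff', $msg, $pos);
    if ($buf['off'] + $buf['len'] > strlen($msg)) {
        throw new InvalidArgumentException('security buffer points outside the message');
    }
    $raw = substr($msg, $buf['off'], $buf['len']);
    return $unicode ? mb_convert_encoding($raw, 'UTF-8', 'UTF-16LE') : $raw;
}

// Decode the identity fields of the Type 3 message in an Authorization header value.
function ntlm_claimed_identity(string $authorization): array
{
    if (!preg_match('~^NTLM\s+([A-Za-z0-9+/=]+)$~', trim($authorization), $m)) {
        throw new InvalidArgumentException('not an NTLM Authorization header');
    }
    $msg = base64_decode($m[1], true);
    if ($msg === false || strlen($msg) < 64 || substr($msg, 0, 8) !== "NTLMSSP\0"
        || unpack('V', $msg, 8)[1] !== 3) {
        throw new InvalidArgumentException('not an NTLM Type 3 message');
    }
    $unicode = (unpack('V', $msg, 60)[1] & 0x1) !== 0; // NTLMSSP_NEGOTIATE_UNICODE
    return [
        'domain'      => ntlm_field($msg, 28, $unicode),
        'user'        => ntlm_field($msg, 36, $unicode),
        'workstation' => ntlm_field($msg, 44, $unicode),
        'verified'    => false, // the NT/LM response is never checked
    ];
}

// Constructed sample: a Type 3 message with dummy responses and typed-in names.
function build_sample(string ...$names): string
{
    $utf16 = array_map(fn($s) => mb_convert_encoding($s, 'UTF-16LE', 'UTF-8'), $names);
    $fields = array_merge([str_repeat("\0", 24), str_repeat("\0", 24)], $utf16, ['']);
    [$head, $data] = ["NTLMSSP\0" . pack('V', 3), ''];
    foreach ($fields as $f) {
        $head .= pack('vvV', strlen($f), strlen($f), 64 + strlen($data));
        $data .= $f;
    }
    return 'NTLM ' . base64_encode($head . pack('V', 0x1) . $data);
}

print_r(ntlm_claimed_identity(build_sample('EXAMPLE', 'Administrator', 'WS01')));
```

The sample carries all-zero response bytes and still parses cleanly, which is why the decoded name is only suitable as a display hint and never as input to an access decision.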

