
December 9, 2005

Unix-based NTLM Authentication Server

This is crazy: this afternoon I'm looking into ways to build a Windows authentication mechanism (using NTLM) on one of our Unix servers.

Why?

We've been talking to Real Networks about authenticating users before providing Real streams. The current Real authentication allows you to either manually manage user accounts through the admin tool or use Windows authentication. Neither will work for us. With thousands of users in our system there's no way we're going to manually control who can or can't look at a clip.

So I turn to the second option, NT authentication. We have 0 experience with NTLM, and nary a Windows box in sight, but it's something, which is better than nothing. Apparently the Real server can tie into Windows authentication to ask if a user is allowed to view a clip. From our conversation with Real, the authentication mechanism is to grab a username and password from the URL, pass it off to the NTLM server and allow/deny based on the response.

So in my head I think "if only we could get a Unix-based NTLM service that we could hack to work with MySQL." There's a lot of stuff out there for tying various applications to NTLM, but not much in the way of offering an NTLM service. After some digging around I've stumbled onto the NTLM Authorization Proxy Server, which appears to be designed to pass requests off to a real NTLM service but also indicates that it can stand alone. As far as hacking the code to work with MySQL, it's written in Python and is open source.

So that's a start. I'm not sure how important this is, and I'm really supposed to be working on something else (actually many something elses). This looks like a cool thing to play with so I'm sure I'll find time to hack around on it. More to come if that happens . . .

Posted by mike at December 9, 2005 3:20 PM