i work at a company where all my web-applications connect to the LDAP-Directories or the AD for Authentication and/or Authorisation purposes. Generally this works quite well. Nowadays though - especially due to the latest introdution to SP2010 - people are looking forward to single sign ons and don't wanna re-login.

So my Question:

Is there any way to make PHP Claim the Authentication from Windows? I mean sure SharePoint does it with WIF on IIS - maybe theres a way PHP is as awesome :P

My quick google didnt bring up any great results, so my hopes aren't up too high, but i figured asking you guys might be worth a shot. Thanks in advance - happy new year!

There's no simple way to implement this in pure PHP. I've had the exact same task and done it, but the whole solution involves raw HTTP/1.1, NTLM and SMB (Windows share) over TCP/UDP/NetBIOS - at the least. Each of those alone is complicated enough and PHP hasn't got any extensions to help with them.

There is an "Apache way" though:

• mod_auth_sspi (if you're running on Windows)
• mod_auth_ntlm (I think this only works with Apache <= 1.3)
• libapache2-authenntlm-perl (there are reports that this one causes the web server to hang after receiving a large number of requests)
• mod_auth_kerb (haven't used this one, but NTLM is replaced by a Microsoft implementation of KerberosV5 and it's the most modern solution available; however, it requires additional server configuration)