Admins can now enable access control their the drupal directory via their webserver (e.g. http auth, NTLM, .htaccess)
and with this module, Drupal honor's the web server's authentication.

** Bob Vincent <bob@html.com> **

To get get this working on Debian Etch with winbind and auth_pam,
first set up a local Samba server and join it to your NT Domain.

Then modify drupal's apache.conf as follows:

Alias /drupal /usr/share/drupal-5.0
<Directory /usr/share/drupal-5.0/>
	Options +FollowSymLinks
	AllowOverride All
	order allow,deny
	allow from all
	AuthName "Private Intranet"
	AuthType NTLM
	AuthType Negotiate
	NTLMAuth on
	NTLMBasicAuth on
	NTLMBasicAuthoritative on
	NTLMBasicRealm LOCALDOMAIN
	NTLMAuthHelper "/usr/bin/ntlm_auth --domain=LOCALDOMAIN --helper-protocol=squid-2.5-ntlmssp"
	NegotiateAuthHelper "/usr/bin/ntlm_auth --domain=LOCALDOMAIN --helper-protocol=squid-2.5-ntlmssp"
	PlaintextAuthHelper "/usr/bin/ntlm_auth --domain=LOCALDOMAIN --helper-protocol=squid-2.5-basic"
	AuthPam_Enabled on
	AuthPam_Fallthrough off
	Require valid-user
</Directory>

Replace LOCALDOMAIN with your local domain name.

I've got the following apache mods enabled; not sure which ones are actually necessary, 
but I'm currently at the "If it ain't broke don't fix it" stage:

     alias
     auth_basic
     authn_file
     auth_ntlm_winbind
     auth_pam
     authz_default
     authz_user
     autoindex
     cgi
     dir
     env
     expires
     mime
     negotiation
     php4
     rewrite
     setenvif
     status

Here's my /etc/pam.d/apache2 file:

auth	sufficient	pam_winbind.so
account	required	pam_winbind.so

Relevant portions of /etc/nsswitch.conf:

passwd:         compat winbind
group:          compat winbind
hosts:          files dns wins


     


  
