My 2cents... NTLM support is non-existant from m$ as of 12/2003. nt4 also. It's not a big deal until you need a patch, and with Security, you don't want to need a patch for that. IMO. I'd go with ldap (not saying that the m$ solution is pure ldap, but every NT organization has to face either Active Directory or something else eventually) Or something else... but I'd def. shelve NTLM for any development as of last month. Just an opinion. Bobb ----- Original Message ----- From: "Matt Hamilton" <matth@netsight.co.uk> To: <zope@zope.org> Sent: Sunday, January 18, 2004 11:25 AM Subject: [Zope] NTLM authentication

Dear All,

We are working with an organisation that wish to use NTLM HTTP authenication with Zope. They currently use MSIE and IIS and are able to use the original login credentials supplied when the use logged in to their workstation. So far we have identified two possible routes, both involve using Zope in REMOTE_USER mode (something in front of Zope does then authentication, Zope then does the authorisation based on the REMOTE_USER variable):

1) Use Zope with/behind IIS and use IIS to do the authentication 2) Use Apache in front of Zope and mod_ntlm to do authentication

Has anyone else tried this any experiences to report? We have not finalised the server platform yet, so are open to both Windows and unix based solutions, however all being equal we would prefer unix as we may be using certain external libraries (PIL, gd, gs, etc.).

-Matt

--

Matt Hamilton matth@netsight.co.uk Netsight Internet Solutions, Ltd. Business Vision on the Internet http://www.netsight.co.uk +44 (0)117 9090901 Web Hosting | Web Design | Domain Names | Co-location | DB Integration

_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )