PHP: Use HTTP Digest Authentication response to authenticate with LDAP

Could you tell me if I can use the HTTP Digest Authentication response to authenticate the user with LDAP? Could you let me see an example in PHP?

There are 2 answers

0
user8063037

It is important to note that even though you are using, say, Digest authentication, it is entirely up to the backend systems to validate the credentials. Whether it is some backend database, RADIUS server, LDAP etc. that stores your valid set of credentials does not matter. The server and the client, on an HTTP level, will be exchanging these headers.

https://leonjza.github.io/blog/2013/06/25/dtob.py-digest-to-basic-authentication-a-simple-example-of-a-authentication-downgrade-attack/

0
Esteban

As stated in the PHP documentation: http://php.net/manual/en/features.http-auth.php

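<?php
// Ask for HTTP Basic credentials until the browser sends them.
if (!isset($_SERVER['PHP_AUTH_USER'])) {
    header('WWW-Authenticate: Basic realm="My Realm"');
    header('HTTP/1.0 401 Unauthorized');
    echo 'Text to send if user hits Cancel button';
    exit;
} else {
    // Escape both values before echoing them into HTML.
    $user = htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES, 'UTF-8');
    $pw = htmlspecialchars($_SERVER['PHP_AUTH_PW'] ?? '', ENT_QUOTES, 'UTF-8');
    echo "<p>Hello {$user}.</p>";
    echo "<p>You entered {$pw} as your password.</p>";
}
?>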

When you have the user/password, you only need to make your LDAP code authenticate the user on your LDAP with these credentials.

Another way to do it could be to use an HTTP server which can use an LDAP backend to authenticate the user. For example, see this documentation for Apache: https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html
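
An added example, not part of the answer above or of the PHP manual: the Basic credentials from the snippet are checked with an LDAP simple bind, which needs the cleartext password that Basic supplies and a Digest response does not. The LDAP URI and the DN template are assumed values, and PHP's ldap extension must be enabled.

```php
<?php
declare(strict_types=1);

const LDAP_URI = 'ldaps://ldap.example.com';           // assumption: your directory server
const USER_DN  = 'uid=%s,ou=people,dc=example,dc=com'; // assumption: your DN layout

function challenge(): void
{
    header('WWW-Authenticate: Basic realm="My Realm"');
    http_response_code(401);
    echo 'Authentication required';
    exit;
}

function ldapAuthenticate(string $user, string $password): bool
{
    // An empty password turns a simple bind into an unauthenticated bind,
    // which some servers accept, so reject it before contacting LDAP.
    if ($user === '' || $password === '') {
        return false;
    }
    $ldap = ldap_connect(LDAP_URI);
    if ($ldap === false) {
        return false;
    }
    ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldap, LDAP_OPT_REFERRALS, 0);
    // Escape the user name so it cannot alter the structure of the DN.
    $dn = sprintf(USER_DN, ldap_escape($user, '', LDAP_ESCAPE_DN));
    $ok = @ldap_bind($ldap, $dn, $password); // true only if the server accepts the pair
    ldap_unbind($ldap);
    return $ok;
}

// Basic sends the password in recoverable form, so refuse plain HTTP.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit('HTTPS required');
}
if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])
    || !ldapAuthenticate($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
    challenge(); // re-prompt on missing or rejected credentials
}
echo '<p>Hello ' . htmlspecialchars($_SERVER['PHP_AUTH_USER'], ENT_QUOTES, 'UTF-8') . '.</p>';
```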