==========

Basic installation instructions: 

1. Add the module to the server's config file. 
Typically you'll do this by adding something like the following to your
httpd.conf:

    LoadModule sspi_auth_module modules/mod_auth_sspi.so

Make it the last module loaded if you can. 

2. Protect a directory or location. 
You can put these directives inside the httpd.conf file, or inside .htaccess
files if AllowOverride AuthConfig is set. 

<Directory "C:/SSPI">
    AllowOverride None
    Options None
    Order allow,deny
    Allow from all
    
    AuthName "My Intranet"
    AuthType SSPI
    SSPIAuth On
    SSPIAuthoritative On

    require valid-user
</Directory>

3. If you plan to use Basic authentication, set the Apache service to run as
a valid local or domain user. Failure to do so will result in clients getting
400 Bad Request or 500 Internal Server Error responses. 

==========

That's about it! A brief discussion of the other options (copied verbatim from
the source): 

    SSPIAuth           - set to 'on' to activate SSPI authentication here 
    SSPIOfferSSPI      - set to 'off' to allow access control to be passed 
                         along to lower modules if the UserID is not known to 
                         this module 
    SSPIAuthoritative  - set to 'off' to allow access control to be passed 
                         along to lower modules if the UserID is not known to 
                         this module 
    SSPIOfferBasic     - set to 'on' to allow the client to authenticate 
                         against NT with 'Basic' authentication instead of 
                         using the NTLM protocol 
    SSPIPackage        - set to the name of the package you want to use to 
                         authenticate users 
    SSPIDomain         - set to the domain you want users authenticated 
                         against for cleartext authentication - if not 
                         specified, the local machine, then all trusted 
                         domains are checked 
    SSPIOmitDomain     - set to 'on' if you want the usernames to have the domain
                         prefix OMITTED, on = user, off = DOMAIN\\user
    SSPIUsernameCase   - set to 'lower' if you want the username and domain to
                         be lowercase, set to 'upper' if you want the username
                         and domain to be uppercase, if not specified, username
                         and domain case conversion is disabled
    SSPIBasicPreferred - set to 'on' if you want basic authentication to be 
                         the higher priority 
    SSPIMSIE3Hack      - set to 'on' if you expect MSIE 3 clients to be using 
                         this server 

The require directive can take the following forms (based on the old
mod_auth): 

    require valid-user             # any valid user will do, useful for logging
                                   # who accessed each file, for example
    require user DOMAIN\Username   # require a specific user
    require group DOMAIN\Groupname # require a group member
    require user "NT DOMAIN\User name" 
                                   # require a user with spaces in logon id

==========

That's all - I hope the module's useful. 

Tim <tjcostel@users.sourceforge.net>


