Unofficial MOD_NTLM Apache Module
This is an unofficial modification to the MOD_NTLM apache module.
There are separate versions for Apache v1.3 and Apache v2:
- Apache v1.3
- Apache v2
NOTE: I take no credit for these modules. All credit for the modifications to the official modntlm module goes to Michael Cai.
What enhancements are there over the official version?
The following enhancements to the module were made (by Michael Cai):
- Domain controller access synchronization. Added a lock (file locking in Apache 1.3.x and a global mutex for Apache 2.x) that prevents two Apache processes from accessing the NT domain controllers simultaneously. This fixes a problem that causes IE to throw a dialog box asking for user name and password when it tries to retrieve an HTML page containing multiple images.
- Logging enhancement. The log file in /tmp is eliminated and the logs pertaining to NTLM are written to the standard Apache web server log based on the logging level configured in the httpd.conf.
- Global variable elimination (for Apache 2.x ONLY). There was a serious flaw in the downloaded SourceForge version. The connection to the domain controller was held in a global variable and was periodically destroyed by Apache when the connection to the client timed out every 15 seconds (15 is the default KeepAliveTimeout value in httpd.conf). This causes problems if the connection is still in use by other threads that are in the middle of handling requests from other clients. The enhancements were made so that the connection to the Domain Controller is now associated with a client connection, not shared as a global variable.
Note: This flaw also exists in the Apache 1.3 version, but it does not seem to manifest itself because Apache 1.3.x is not multi-threaded and requests are handled by separate Apache child processes.
- Keep connection alive. In the middle of the NTLM conversation (specifically, after receiving msg1 from the client), the Apache server destroys the connection if the number of requests exceeds MaxKeepAliveRequests (normally 100), which results in a dialog box asking for user name and password in the client's browser. The change keeps the connection alive so the NTLM conversation can finish.
- Multi-domain support. Added support for multi-domain users by taking the domain name from the user's request instead of from the configuration file.
- Active Directory Support. Added support for using AD servers as the primary and secondary domain controllers.
- Fixed a bug in the handling of the Unicode flag. This solves the problem of only the first character of msg1 showing on Solaris.
Installation
For full installation instructions please see the Official MODNTLM site.
Briefly: unpack the files to a new directory on your PC. Then, as root, enter: make install && make restart
Usage
There is a sample .conf file in the downloaded .tar.gz which should demonstrate the usage of this module.
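As an added illustration (this is not the sample .conf shipped in the tarball, nor text from the module's own documentation), the following httpd.conf fragment shows where the core Apache settings mentioned in the enhancement notes (KeepAliveTimeout, MaxKeepAliveRequests, LogLevel) sit relative to an NTLM-protected location. The module name ntlm_module, the directive names NTLMAuth, NTLMAuthoritative, NTLMDomain, NTLMServer and NTLMBackup, and the host names are assumptions based on the official mod_ntlm; check them against the shipped sample .conf before use.

```apache
# Added example fragment for httpd.conf; not the project's sample .conf.
# Module and directive names are assumed from the official mod_ntlm.
LoadModule ntlm_module modules/mod_ntlm.so

# The NTLM handshake (msg1 -> msg2 -> msg3) needs the same TCP connection
# kept open across requests, so keep-alive must stay enabled. These are
# the two core directives the enhancement notes refer to; shown at their
# usual defaults.
KeepAlive On
KeepAliveTimeout 15
MaxKeepAliveRequests 100

# With the logging enhancement, NTLM messages go to the standard Apache
# error log at the configured level; raise to 'debug' only while
# diagnosing handshake failures, then lower it again.
LogLevel warn

<Location /intranet>
    AuthType NTLM
    NTLMAuth On
    NTLMAuthoritative On
    # Default domain from the configuration; with the multi-domain
    # enhancement the domain supplied in the client's request is used.
    NTLMDomain EXAMPLE
    # Primary and backup domain controllers (AD servers are supported).
    # Host names are placeholders.
    NTLMServer dc1.example.internal
    NTLMBackup dc2.example.internal
    Require valid-user
</Location>
```

Keep KeepAlive enabled for any location using this module: NTLM is connection-oriented, and disabling keep-alive reproduces the same credential-prompt symptom the enhancements above were written to remove.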