TIBCO Spotfire Community
Welcome to TIBCO Spotfire Community Sign in | Join | Help
Home Blogs Forums Photos

Knowledge Base Home

Enabling NTLM Authentication in Clustered Environments

Introduction

When you cluster two or more Spotfire Servers with the Apache httpd web server as front-end, some authentication protocols (such as NTLM) require authentication to be performed on the front-end itself. In case of NTLM, Apache httpd does not support the protocol out of the box, but must be extended with a custom module, mod_auth_sspi. The Spotfire Server Installation and Configuration manual describes this procedure in further detail. What it does not cover is where to obtain a compatible binary of the module.

 

mod_auth_sspi

mod_auth_sspi is an open source project available on SourceForge. Unfortunately, the code repository on SourceForge is not maintained properly and the project has not had any official releases since mid 2006. Also, the binaries available on the aforementioned site contain a bug that prevents the module to collaborate properly with TIBCO Spotfire clients. This bug has been addressed by a developer but the patch has not yet found its way into the code repository.

On James Van Lommel’s blog, he describes the problem and a solution to it. He also makes available binary complications of his contribution to the mod_auth_sspi code. These binaries are available for version 2.2.8, 2.2.9, and 2.2.11 of Apache http on Windows. The blog also includes information about the prerequisites of the module (i.e. the Microsoft Visual C++ redistributables).

If you wish to install the module on a non-Windows based platform, you must manually build the module from its source code. Again, the blog has excellent instructions for how to. You may also want to build the module yourself, if you wish to run any version of httpd for which there are no precompiled versions of mod_auth_sspi.

 

Patching the Patch

On some Windows installations, the precompiled versions of mod_auth_sspi from the blog link above fails with the following error message:

Cannot load C:/httpd/modules/mod_auth_sspi.so into server: The specified module could not be found.

If this is the case for your installation:

1. Make sure that mod_auth_sspi is properly copied to the httpd installation folder and properly configured in httpd.conf and mod_auth_sspi.conf.

2. Make sure that you have installed the Microsoft Visual C++ SP1 redistributables.

3. On a system where Microsoft Visual Studio is installed, open the Visual Studio command prompt and type the following:
>mt -manifest httpd.exe.manifest -outputresource:mod_auth_sspi.so;2


This command merges the provided manifest file into the module binary, making it 100% compatible with most modern versions of Microsoft Windows.

Published May 26 2009, 04:18 PM by Ehsan Yazdani
Filed under: , , , ,
Rating:
Comments

About Ehsan Yazdani

Ehsan Yazdani is a developer with the TIBCO Spotfire and the TIBCO Spotfire Analytics Server Framework teams. His fields of expertise are network communication, web services, and framework extensibility.