Most, well, all of my client sites have Active Directory based networks. To facilitate authentication and authorization to various pages of a web-site, it makes it easier on admin staff to assign users to groups in Active Directory, and then use NTLM Pass-through Authentication from Internet Explorer based web browsers to gain access to selected pages.
In performing research on this subject, I came across how to make Squid perform NTLM Pass-Through Authentication and act as a replacement Microsoft
ISA server.
But back to Apache based NTLM Pass through authentication, I came across something that is
supposed to work with Drupal. The source file doesn't offer up easy to use information.
Moving along, there is a circa 2000 NTLM auth module for Apache/Unix.
I think the Apache-AuthenNTLM Perl Module is probably the best solution, well the
best I've encountered so far. That is
the one I'm going to try. There are a couple of supporting documents: Modperl Mailing List Entry and a SourceForge Discussion Group entry.
The unknown is how to integrate group authorization. It looks like the only way to
get appropriate information is through basic authentication so I can use those
credentials to gain secondary access to AD group composition via a previously described
LDAP module. That should allow me to gain automatic access to username and password.