Single-Sign-On ability with Active Directory

[Mariusz Cegiełka]

Single-Sign-On usually means user already authenticated on his/her computer through AD Domain account don't need to type in username and password (http://en.wikipedia.org/wiki/Single_sign-on), but examples does not show this ability, so is possible with PLDAP?

[Liber Chen]

refer from wikipedia:
"Single sign-on (SSO) is a property of access control of multiple related, but independent software systems. With this property a user logs in once and gains access to all systems without being prompted to log in again at each of them. This is typically accomplished using the Lightweight Directory Access Protocol (LDAP) and stored LDAP databases on servers.[1] A simple version of single sign-on can be achieved using cookies but only if the sites are on the same domain.[2]"

I did not see what you said.
Suggest you figure out what is SSO first then use PLDAP.
I could not tell you what is SSO in here.

[Mariusz Cegiełka]

Well, I meant this part: "gains access to all systems without being prompted to log in again at each of them". As I now see, PLDAP authenticates user to AD domain server, but I have to supply username and password to it, hence have to prompt for them. I'm searching for method to avoid prompting for password for users already authenticated to AD on their computers, probably mod_auth_ntlm_winbind is the way to go.

[Mariusz Cegiełka]