Authorization in the domain network

It is required to enable authorization in a web application (in php) on a network with a domain controller WITHOUT user participation (without entering a login/password pair).
The web server is preferably nginx.
I would like to know what options there are for this.

I had the following ideas:

  • NTLM (supported by all modern browsers)
  • Kerberos (I saw it somewhere, I can’t imagine the mechanism)
  • Plug-in for the browser (never wrote anything like this, I didn’t see any options)
  • Checking through a query to AD who is sitting at a certain IP (there are many options, it can be easily broken)
  • A program that provides authorization (didn’t write one, saw the implementation, didn’t write it myself, didn’t see the finished program)

Answer 1

keywords – ldap, ntml
and all this will most likely work only under IE

Answer 2

Authorization by MAC address if in the local network))