You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Brian Weed <br...@yahoo.com> on 2007/08/03 23:23:44 UTC
[users@httpd] Multiple Authentication
I'm using Apache v2.2.4 (on Windows Server 2003) and
I'm trying to use both SSPI and Basic Authentication
together so that both Domain and non-domain users can
log in to my Trac Wiki site.
Withi this config:
<LocationMatch "/cgi-bin/trac.cgi/[^/]+/login">
# Domain Login
AuthName "my domain"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative Off
SSPIDomain MYDOMAIN
SSPIOfferBasic On
SSPIOfferSSPI Off
SSPIOmitDomain On
SSPIPerRequestAuth On
# Non-domain login
AuthType Basic
AuthBasicAuthoritative Off
AuthUserFile D:/wikis/trac.htpasswd
Require valid-user
</LocationMatch>
It only allows Domain users to log in. Its not
falling back to Basic via AuthUserFile.
If I turn off SSPI, then it allows Basic Auth (but
obviously not Domain login).
Searching the web, I've found a few people with
similar problems, but no real solution:
http://svn.haxx.se/users/archive-2006-09/1384.shtml
and
http://www.svnforum.org/2017/viewtopic.php?p=11517
The error I get in the error.log is: "...Logon
failure: unknown user name or bad password. : user
MYDOMAIN\\nondomainuser: authentication failure for
"/cgi-bin/trac.cgi/foo/login"
So, it seems as though it's always prepending the
domain, even when falling back to Basic, or its not
falling back at all.
Is there some other module I have to install to
support falling back?
Any ideas as to what else I may be doing wrong?
Thanks.
Brian
____________________________________________________________________________________
Need a vacation? Get great deals
to amazing places on Yahoo! Travel.
http://travel.yahoo.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple Authentication
Posted by Brian Weed <br...@yahoo.com>.
--- Dragon <dr...@crimson-dragon.com> wrote:
> Brian Weed wrote:
> >I'm using Apache v2.2.4 (on Windows Server 2003)
> and
> >I'm trying to use both SSPI and Basic
> Authentication
> >together so that both Domain and non-domain users
> can
> >log in to my Trac Wiki site.
> >
> >Withi this config:
> >
> ><LocationMatch "/cgi-bin/trac.cgi/[^/]+/login">
> >
> > # Domain Login
> >
> > AuthName "my domain"
> >
> > AuthType SSPI
> > SSPIAuth On
> > SSPIAuthoritative Off
> > SSPIDomain MYDOMAIN
> > SSPIOfferBasic On
> > SSPIOfferSSPI Off
> > SSPIOmitDomain On
> > SSPIPerRequestAuth On
> >
> > # Non-domain login
> > AuthType Basic
> > AuthBasicAuthoritative Off
> > AuthUserFile D:/wikis/trac.htpasswd
> >
> > Require valid-user
> >
> ></LocationMatch>
> >
> >It only allows Domain users to log in. Its not
> >falling back to Basic via AuthUserFile.
> >If I turn off SSPI, then it allows Basic Auth (but
> >obviously not Domain login).
> >
> >Searching the web, I've found a few people with
> >similar problems, but no real solution:
> >
> >http://svn.haxx.se/users/archive-2006-09/1384.shtml
> >and
> >http://www.svnforum.org/2017/viewtopic.php?p=11517
> >
> >The error I get in the error.log is: "...Logon
> >failure: unknown user name or bad password. : user
> >MYDOMAIN\\nondomainuser: authentication failure for
> >"/cgi-bin/trac.cgi/foo/login"
> >
> >So, it seems as though it's always prepending the
> >domain, even when falling back to Basic, or its not
> >falling back at all.
> >
> >Is there some other module I have to install to
> >support falling back?
> >Any ideas as to what else I may be doing wrong?
> >
> ---------------- End original message.
> ---------------------
>
> Just a thought... (caveat being I have not messed
> with anything
> beyond basic authentication).
>
> What about having two different virtual hosts
> serving as entry points
> to this application which both point to the same
> application directory?
>
> I think by doing that you can have one of the
> authentication methods
> associated with one virtual host and the other with
> the second virtual host.
>
> Dragon
Thanks for the workaround.
Brian
____________________________________________________________________________________
Shape Yahoo! in your own image. Join our Network Research Panel today! http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Multiple Authentication
Posted by Dragon <dr...@crimson-dragon.com>.
Brian Weed wrote:
>I'm using Apache v2.2.4 (on Windows Server 2003) and
>I'm trying to use both SSPI and Basic Authentication
>together so that both Domain and non-domain users can
>log in to my Trac Wiki site.
>
>Withi this config:
>
><LocationMatch "/cgi-bin/trac.cgi/[^/]+/login">
>
> # Domain Login
>
> AuthName "my domain"
>
> AuthType SSPI
> SSPIAuth On
> SSPIAuthoritative Off
> SSPIDomain MYDOMAIN
> SSPIOfferBasic On
> SSPIOfferSSPI Off
> SSPIOmitDomain On
> SSPIPerRequestAuth On
>
> # Non-domain login
> AuthType Basic
> AuthBasicAuthoritative Off
> AuthUserFile D:/wikis/trac.htpasswd
>
> Require valid-user
>
></LocationMatch>
>
>It only allows Domain users to log in. Its not
>falling back to Basic via AuthUserFile.
>If I turn off SSPI, then it allows Basic Auth (but
>obviously not Domain login).
>
>Searching the web, I've found a few people with
>similar problems, but no real solution:
>
>http://svn.haxx.se/users/archive-2006-09/1384.shtml
>and
>http://www.svnforum.org/2017/viewtopic.php?p=11517
>
>The error I get in the error.log is: "...Logon
>failure: unknown user name or bad password. : user
>MYDOMAIN\\nondomainuser: authentication failure for
>"/cgi-bin/trac.cgi/foo/login"
>
>So, it seems as though it's always prepending the
>domain, even when falling back to Basic, or its not
>falling back at all.
>
>Is there some other module I have to install to
>support falling back?
>Any ideas as to what else I may be doing wrong?
>
---------------- End original message. ---------------------
Just a thought... (caveat being I have not messed with anything
beyond basic authentication).
What about having two different virtual hosts serving as entry points
to this application which both point to the same application directory?
I think by doing that you can have one of the authentication methods
associated with one virtual host and the other with the second virtual host.
Dragon
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org