You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Morris, Andi" <am...@cardiffmet.ac.uk> on 2014/06/24 15:19:54 UTC
[users@httpd] Pound symbol encoding issue?
Hi,
We are having some authentication issues with Apache if a user has a £ symbol as part of their password. The error_log shows:
(OS 1326)Logon failure: unknown user name or bad password
When the same user removes the pound symbol from the password they are authenticated with no issues.
The setup is:
TMG publishes our Shibboleth server externally and present the user with a form for Forms Based Authentication. Shibboleth uses an Apache virtual server called Remote User to handle the authentication.
The problem only occurs when the users login from outside our network, via TMG and the Apache Remote User vhost.
The same TMG form is used to publish our sharepoint and other internal resources, and the issue does not occur there when using the same test user.
The parts of the config that I can see that are relevant are:
<Location /idp/Authn/RemoteUser>
AuthName "Identity Provider"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
SSPIPerRequestAuth On
SSPIUsernameCase lower
require valid-user
</Location>
I've read around about forcing the basic authentication using:
SSPIBasicPreferred On
So I'm going to give that a try overnight (I can only restart the apache service out of hours frustratingly).
I'm happy to post up any obfuscated config files that might be required to help resolve this. I'm pretty new to Apache but willing to provide whatever is required.
Does anyone have any suggestions for why the apache server doesn't seem to like the pound symbol?
Cheers,
Andi
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
RE: [users@httpd] Pound symbol encoding issue?
Posted by "Morris, Andi" <am...@cardiffmet.ac.uk>.
Hi Jeff,
Unfortunately it looks like the forums and bug reporter for that module are pretty inactive so I’m not sure there’s anybody monitoring them.
Cheers,
Andi
From: Jeff Trawick [mailto:trawick@gmail.com]
Sent: 24 June 2014 15:26
To: users@httpd.apache.org
Subject: Re: [users@httpd] Pound symbol encoding issue?
On Tue, Jun 24, 2014 at 9:19 AM, Morris, Andi <am...@cardiffmet.ac.uk>> wrote:
Hi,
We are having some authentication issues with Apache if a user has a £ symbol as part of their password. The error_log shows:
(OS 1326)Logon failure: unknown user name or bad password
When the same user removes the pound symbol from the password they are authenticated with no issues.
The setup is:
TMG publishes our Shibboleth server externally and present the user with a form for Forms Based Authentication. Shibboleth uses an Apache virtual server called Remote User to handle the authentication.
The problem only occurs when the users login from outside our network, via TMG and the Apache Remote User vhost.
The same TMG form is used to publish our sharepoint and other internal resources, and the issue does not occur there when using the same test user.
The parts of the config that I can see that are relevant are:
<Location /idp/Authn/RemoteUser>
AuthName "Identity Provider"
AuthType SSPI
SSPIAuth On
Have you checked with the mod_auth_sspi folks? (mailing list or bug db) I suspect that this is an issue with that third-party module. Perhaps someone here can help, but a resource specific to mod_auth_sspi would probably yield better results.
If you can duplicate the error with some simple httpd-bundled authentication module (e.g., mod_authn_file), open a bug against httpd and provide the test case.
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
SSPIPerRequestAuth On
SSPIUsernameCase lower
require valid-user
</Location>
I've read around about forcing the basic authentication using:
SSPIBasicPreferred On
So I'm going to give that a try overnight (I can only restart the apache service out of hours frustratingly).
I'm happy to post up any obfuscated config files that might be required to help resolve this. I'm pretty new to Apache but willing to provide whatever is required.
Does anyone have any suggestions for why the apache server doesn't seem to like the pound symbol?
Cheers,
Andi
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org<ma...@httpd.apache.org>
For additional commands, e-mail: users-help@httpd.apache.org<ma...@httpd.apache.org>
--
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/
Re: [users@httpd] Pound symbol encoding issue?
Posted by Jeff Trawick <tr...@gmail.com>.
On Tue, Jun 24, 2014 at 9:19 AM, Morris, Andi <am...@cardiffmet.ac.uk>
wrote:
> Hi,
> We are having some authentication issues with Apache if a user has a £
> symbol as part of their password. The error_log shows:
> (OS 1326)Logon failure: unknown user name or bad password
>
> When the same user removes the pound symbol from the password they are
> authenticated with no issues.
>
> The setup is:
> TMG publishes our Shibboleth server externally and present the user with a
> form for Forms Based Authentication. Shibboleth uses an Apache virtual
> server called Remote User to handle the authentication.
>
> The problem only occurs when the users login from outside our network, via
> TMG and the Apache Remote User vhost.
> The same TMG form is used to publish our sharepoint and other internal
> resources, and the issue does not occur there when using the same test user.
>
> The parts of the config that I can see that are relevant are:
> <Location /idp/Authn/RemoteUser>
> AuthName "Identity Provider"
> AuthType SSPI
> SSPIAuth On
>
Have you checked with the mod_auth_sspi folks? (mailing list or bug db) I
suspect that this is an issue with that third-party module. Perhaps
someone here can help, but a resource specific to mod_auth_sspi would
probably yield better results.
If you can duplicate the error with some simple httpd-bundled
authentication module (e.g., mod_authn_file), open a bug against httpd and
provide the test case.
> SSPIAuthoritative On
> SSPIOfferBasic On
> SSPIOmitDomain On
> SSPIPerRequestAuth On
> SSPIUsernameCase lower
> require valid-user
> </Location>
>
> I've read around about forcing the basic authentication using:
> SSPIBasicPreferred On
> So I'm going to give that a try overnight (I can only restart the apache
> service out of hours frustratingly).
>
> I'm happy to post up any obfuscated config files that might be required to
> help resolve this. I'm pretty new to Apache but willing to provide whatever
> is required.
>
> Does anyone have any suggestions for why the apache server doesn't seem to
> like the pound symbol?
>
> Cheers,
> Andi
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
--
Born in Roswell... married an alien...
http://emptyhammock.com/
http://edjective.org/
[users@httpd] RE: Pound symbol encoding issue?
Posted by "Morris, Andi" <am...@cardiffmet.ac.uk>.
Apologies, I meant to put the following details into the post.
Version: 2.2.17
Running on Windows 2008 R2 SP1
Cheers,
Andi
-----Original Message-----
From: Morris, Andi [mailto:amorris@cardiffmet.ac.uk]
Sent: 24 June 2014 14:20
To: 'users@httpd.apache.org'
Subject: [users@httpd] Pound symbol encoding issue?
Hi,
We are having some authentication issues with Apache if a user has a £ symbol as part of their password. The error_log shows:
(OS 1326)Logon failure: unknown user name or bad password
When the same user removes the pound symbol from the password they are authenticated with no issues.
The setup is:
TMG publishes our Shibboleth server externally and present the user with a form for Forms Based Authentication. Shibboleth uses an Apache virtual server called Remote User to handle the authentication.
The problem only occurs when the users login from outside our network, via TMG and the Apache Remote User vhost.
The same TMG form is used to publish our sharepoint and other internal resources, and the issue does not occur there when using the same test user.
The parts of the config that I can see that are relevant are:
<Location /idp/Authn/RemoteUser>
AuthName "Identity Provider"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
SSPIOfferBasic On
SSPIOmitDomain On
SSPIPerRequestAuth On
SSPIUsernameCase lower
require valid-user
</Location>
I've read around about forcing the basic authentication using:
SSPIBasicPreferred On
So I'm going to give that a try overnight (I can only restart the apache service out of hours frustratingly).
I'm happy to post up any obfuscated config files that might be required to help resolve this. I'm pretty new to Apache but willing to provide whatever is required.
Does anyone have any suggestions for why the apache server doesn't seem to like the pound symbol?
Cheers,
Andi
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org