Posted to users@httpd.apache.org by Barnaby Kent <ba...@hotmail.com> on 2004/09/19 12:33:47 UTC

[users@httpd] Intermittent Basic Authentication Failure

Hi,

Please can someone help me out here? I am at a complete loss. We use Basic 
authentication on our web application as a way to protect direct access to 
semi-sensitive images. The user logs in using a 'secure' method and is 
provided with a further password or session id which is used by basic 
authentication to allow them access to the images for their session. I am 
using mod_auth_pgsql so we can authenticate against a postgresql db.

This all works fine 99% of the time but every so often a user will enter the 
correct details at the Basic authentication prompt - I have checked them 
against the values that have been placed in the database - and they will not 
be permitted access. It is almost as if the browser is not sending the 
authorization header correctly. This sometimes happens when the basic 
authentication prompt first pops up but can also occur when the user has 
been allowed access to resources for a while but then the prompt pops up.

I get two errors in the error log reported by mod_auth_pgsql, an "empty 
password" 403 and a "password mismatch" 403. I cannot work out if the 
browser is not sending the authorization header correctly - is there a limit 
to the size of the Base 64 encoded authorization header that is allowed to 
be sent? Or maybe the module is not correctly decoding the authorization 
header.
This seems to happen across authentication realms. Also I am using Tomcat 
with Apache if that makes any difference and I am authenticating resources 
served by Apache and Tomcat.

ANY COMMENT greatly appreciated,

Thanks,

Barnaby
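
An added example, not part of the original post and not mod_auth_pgsql's code: one way to check whether captured Authorization header values carry well-formed Basic credentials (Base64 of "user:password", split on the first colon), so an "empty password" rejection can be traced to what the client actually sent. The function names and the sample values are constructed for illustration, and how the header values get captured is assumed; the password itself is never returned, so results are safe to log.

```python
import base64
import binascii


def classify_basic_header(value):
    """Return (status, username) for one Authorization header value.

    status: missing, not-basic, bad-base64, no-colon, empty-user,
    empty-password or ok. The password is deliberately not returned.
    """
    if value is None or not value.strip():
        return ("missing", None)
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return ("not-basic", None)
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return ("bad-base64", None)       # truncated or corrupted token
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")      # older browsers sent ISO-8859-1
    if ":" not in text:
        return ("no-colon", None)         # no separator, so no password at all
    user, _, password = text.partition(":")   # first colon only
    if not user:
        return ("empty-user", None)
    if not password:
        return ("empty-password", user)
    return ("ok", user)


def encode_basic(credentials):
    """Build a header value the way a browser would (for the samples)."""
    return "Basic " + base64.b64encode(credentials.encode()).decode()


def summarize(values):
    """Count how many header values fall into each status."""
    counts = {}
    for value in values:
        status, _ = classify_basic_header(value)
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample values, not taken from any real log.
SAMPLES = [encode_basic("alice:s3ss10n-id"), encode_basic("alice:"),
           encode_basic("alice"), encode_basic("al:ice:tok"),
           "Basic !!!notbase64", None]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

A colon inside the user id (the "al:ice:tok" sample) is still reported as ok, but the server sees user "al" with password "ice:tok", which would surface as a mismatch rather than an empty password.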
