Posted to modperl@perl.apache.org by "Dooley, Michael" <Do...@con-way.com> on 2004/02/09 21:17:23 UTC

Apache::AuthenNTLM 2.05 ntlm+basic

On the inTRAnet side of this it works fine, and authenticates against a
PDC/BDC.
On the inTERnet side of this it fails. Prompts for user/pass/domain.

What I am trying to do is if the user is on the network use NTLM. If he is
on the internet use basic and have them sign in via user/passwd created w/
htpasswd.

Am I not using authenNTLM properly? Am I missing something?

error_log:
[Mon Feb 09 12:10:59 2004] [error] Bad/Missing NTLM/Basic Authorization Header for /
[Mon Feb 09 12:11:01 2004] [error] No PDC and no fallbackdomain given for domain
[Mon Feb 09 12:11:01 2004] [crit] [client 198.147.38.151] configuration error:  couldn't check user.  No user file?: /


        <Location />
                PerlAuthenHandler Apache::AuthenNTLM
                AuthType ntlm,basic
                require valid-user
                PerlAddVar ntdomain "CONWAY    qgats006 ciits903"
                PerlSetVar ntlmauthoritative "off"
                PerlSetVar ntlmdebug 0
                AuthName "testing"
                AuthUserFile /www/secure/passwd
                AuthGroupFile /www/secure/group
        </Location>

Michael Dooley
Integrated Services Manager
Dooley.Michael@con-way.com
7735808777@mobile.att.net
O: (630).449.1000
F: (630).449.1010
C: (773).580.8777 

-- 
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html


Re: Apache::AuthenNTLM 2.05 ntlm+basic

Posted by Shannon Eric Peevey <sp...@unt.edu>.
Dooley, Michael wrote:

>On the inTRAnet side of this it works fine, and authenticates against a
>PDC/BDC.
>On the inTERnet side of this it fails. Prompts for user/pass/domain.
>
>What I am trying to do is if the user is on the network use NTLM. If he is
>on the internet use basic and have them sign in via user/passwd created w/
>htpasswd.
>
>Am I not using authenNTLM properly? Am I missing something?
>
It sets NTLM and basic by the browser response.  (IE => NTLM, everything 
else => basic)

A way around this is to do something like AuthNetLDAP, where we return 
DECLINED if we want to allow an alternative authentication, which will 
send the request to the next AuthenHandler, which could be whatever you 
would like it to be.  (Except that IE would still try to authenticate 
using NTLM... :( )

Hmmm....  You would probably have to set up a handler before the authen 
phase to test the IP address of the end-user, and then send the request 
to the correct authen handler...  Does anyone know if there is already 
some code for this out there?

speeves
cws
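
The IP test and the DECLINED hand-off discussed in the reply above, combined into one authen handler as an added example (not code from the thread or from Apache::AuthenNTLM). The module name My::AuthDispatch, the IntranetNets variable and the address ranges are made up for illustration; it assumes the mod_perl 1 API and that Apache::AuthenNTLM's handler is a method handler.

```perl
package My::AuthDispatch;    # hypothetical module name (assumption)
# Assumed httpd.conf wiring (IntranetNets is a made-up variable, ranges are placeholders):
#   PerlAuthenHandler My::AuthDispatch
#   PerlSetVar IntranetNets "10.0.0.0/8 192.168.0.0/16"
use strict;
use warnings;
use Socket qw(inet_aton);
use Apache::Constants qw(DECLINED);
use Apache::AuthenNTLM ();

# True if dotted-quad $ip lies inside $cidr ("10.0.0.0/8").
# Malformed input never matches, so a bad entry cannot select NTLM by accident.
sub in_net {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr, 2;
    return 0 unless defined $net;
    $bits = 32 unless defined $bits;
    my $quad = qr/^\d{1,3}(?:\.\d{1,3}){3}$/;
    return 0 unless $ip =~ $quad && $net =~ $quad;
    return 0 unless $bits =~ /^\d+$/ && $bits <= 32;
    my $ip_n  = inet_aton($ip);
    my $net_n = inet_aton($net);
    return 0 unless defined $ip_n && defined $net_n;
    my $mask = $bits ? (~0 << (32 - $bits)) & 0xFFFFFFFF : 0;
    return (unpack('N', $ip_n) & $mask) == (unpack('N', $net_n) & $mask) ? 1 : 0;
}

sub handler {
    my $r = shift;
    # TCP peer address. Behind a reverse proxy this is the proxy, not the user;
    # a client-supplied X-Forwarded-For header must not drive this decision.
    my $ip   = $r->connection->remote_ip;
    my @nets = split ' ', ($r->dir_config('IntranetNets') || '');
    if (grep { in_net($ip, $_) } @nets) {
        # Assumption: Apache::AuthenNTLM::handler takes ($class, $r).
        return Apache::AuthenNTLM->handler($r);
    }
    # Not an intranet client: decline so the next authen handler in the chain
    # (assumed to do Basic against the htpasswd file) takes the request.
    return DECLINED;
}

1;
```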


