Posted to modperl@perl.apache.org by "Dooley, Michael" <Do...@con-way.com> on 2004/02/09 21:17:23 UTC
Apache::AuthenNTLM 2.05 ntlm+basic
On the inTRAnet side of this it works fine, and authenticates against a
PDC/BDC.
On the inTERnet side of this it fails. Prompts for user/pass/domain.
What I am trying to do is if the user is on the network use NTLM. If he is
on the internet use basic and have them sign in via user/passwd created w/
htpasswd.
Am I not using authenNTLM properly? Am I missing something?
error_log:
[Mon Feb 09 12:10:59 2004] [error] Bad/Missing NTLM/Basic Authorization Header for /
[Mon Feb 09 12:11:01 2004] [error] No PDC and no fallbackdomain given for domain
[Mon Feb 09 12:11:01 2004] [crit] [client 198.147.38.151] configuration error: couldn't check user. No user file?: /
<Location />
PerlAuthenHandler Apache::AuthenNTLM
AuthType ntlm,basic
require valid-user
PerlAddVar ntdomain "CONWAY qgats006 ciits903"
PerlSetVar ntlmauthoritative "off"
PerlSetVar ntlmdebug 0
AuthName "testing"
AuthUserFile /www/secure/passwd
AuthGroupFile /www/secure/group
</Location>
Michael Dooley
Integrated Services Manager
Dooley.Michael@con-way.com
7735808777@mobile.att.net
O: (630).449.1000
F: (630).449.1010
C: (773).580.8777
--
Reporting bugs: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html
Re: Apache::AuthenNTLM 2.05 ntlm+basic
Posted by Shannon Eric Peevey <sp...@unt.edu>.
Dooley, Michael wrote:
>On the inTRAnet side of this it works fine, and authenticates against a
>PDC/BDC.
>On the inTERnet side of this it fails. Prompts for user/pass/domain.
>
>What I am trying to do is if the user is on the network use NTLM. If he is
>on the internet use basic and have them sign in via user/passwd created w/
>htpasswd.
>
>Am I not using authenNTLM properly? Am I missing something?
>
>
It sets NTLM and basic by the browser response. (IE => NTLM, everything
else => basic)
A way around this is to do something like AuthNetLDAP, where we return
DECLINED if we want to allow an alternative authentication, which will
send the request to the next AuthenHandler, which could be whatever you
would like it to be. (Except that IE would still try to authenticate
using NTLM... :( )
Hmmm.... You would probably have to set up a handler before the authen
phase to test the IP address of the end-user, and then send the request
to the correct authen handler... Does anyone know if there is already
some code for this out there?
speeves
cws
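
The address test suggested in the reply above, as an added example (not code from the thread or from Apache::AuthenNTLM): plain Perl that classifies a client address against internal ranges and picks the scheme. The function names, the network list and the sample peers are hypothetical or constructed; wiring the result into a mod_perl phase handler is not shown, and the address is assumed to be the TCP peer address of the connection, not a client-supplied header such as X-Forwarded-For.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed internal ranges (RFC 1918); substitute the site's own networks.
my @INTERNAL = ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16');

# Dotted quad -> 32-bit integer; undef for anything that is not strict IPv4.
sub ip_to_int {
    my ($ip) = @_;
    return unless defined $ip
        && $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/;
    my @octets = ($1, $2, $3, $4);
    return if grep { $_ > 255 } @octets;
    return ($octets[0] << 24) | ($octets[1] << 16) | ($octets[2] << 8) | $octets[3];
}

# True if $ip lies inside $cidr ("a.b.c.d/len"); malformed input never matches.
sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $ip_n  = ip_to_int($ip);
    my $net_n = ip_to_int($net);
    return 0 unless defined $ip_n && defined $net_n
        && defined $bits && $bits =~ /\A\d+\z/ && $bits <= 32;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return (($ip_n & $mask) == ($net_n & $mask)) ? 1 : 0;
}

# Choose the authentication scheme for one request from its peer address.
# Anything that is not provably internal gets Basic, so an unparsable
# address still has to present a password.
sub scheme_for {
    my ($peer_ip, @nets) = @_;
    for my $cidr (@nets) {
        return 'ntlm' if in_cidr($peer_ip, $cidr);
    }
    return 'basic';
}

# Constructed sample peers: two internal, two external, one malformed.
for my $peer ('10.1.2.3', '172.31.255.254', '172.32.0.1', '203.0.113.7', 'bogus') {
    printf "%-16s -> %s\n", $peer, scheme_for($peer, @INTERNAL);
}
```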