httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 47167] Authenticated sessions being switched by reverse proxy
Date Mon, 11 May 2009 05:01:35 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=47167





--- Comment #5 from Duncan Fletcher <duncan.fletcher@dsto.defence.gov.au>  2009-05-10
22:01:30 PST ---
Okay, we just ran another test, this time using "AuthType Basic" instead of
"AuthType SSPI" and mod_auth_sspi (we are using v1.0.4 from
http://sourceforge.net/projects/mod-auth-sspi).  The problem went away under
Apache 2.2.11.
So it looks like Ruediger is correct and that the problem is in an assumption
that mod_auth_sspi is (incorrectly) making about keep-alives being synonymous
with sessions.

We've been using pre-compiled binaries so although we can break out the
compiler to try Nick's suggestion, it'll take time.  i.e. I'd like confirmation
that it will (likely) add valuable information before we chase that rabbit.

In the meantime, we'll look into using mod_authnz_ldap for Windows AD
authentication as an alternative to mod_auth_sspi and also track down a copy of
the latter's source code to see if its feasible to fix that.

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message