httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Barham, David" <barh...@ugs.com>
Subject RE: [users@httpd] repeated authentication requests
Date Tue, 08 Nov 2005 09:43:23 GMT
Apache is running on the RHEL4 linux box. I'm using mod_auth_pam to authenticate the users
against a windows AD. (i.e. apache prompts for username/password which is then past to PAM
to authenticate via pam_smb.

At the moment I've only got one realm, so the relevant bits of httpd.conf read:-

LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so

Alias /tmp/barhamd "/tmp/barhamd/"
<Directory "/tmp/barhamd">
AuthName "PAM DB area"
AuthType "basic"
require group sdtsd
</Directory>

/etc/pam.d/httpd contains
auth       required     /lib64/security/pam_smb_auth.so debug nolocal
account    required     /lib64/security/pam_permit.so

/etc/pam_smb.conf contains
{windows domain name}
{DC of domain name}

Index.html and 1.gif - 5.gif all sit in /tmp/barhamd 

My /var/log/httpd/access_log shows
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/ HTTP/1
.1" 200 769 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CL
R 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/2.jpg H
TTP/1.1" 401 476 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 (compatible; MSIE 6
.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/1.jpg H
TTP/1.1" 200 1043 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/3.jpg H
TTP/1.1" 200 1316 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/4.jpg H
TTP/1.1" 200 1248 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 (compatible; MSIE

And after re-entering my username/password ---

6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:36 +0000] "GET /tmp/barhamd/2.jpg H
TTP/1.1" 200 1339 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

The html for index.html is 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<HTML>
<HEAD>
<TITLE>Home Page</TITLE>
</HEAD>

<P>
<CENTER>
<TABLE BORDER=0 CELLSPACING=4 CELLPADDING=2>
<TR ALIGN=left>
        <TD><A HREF="one.htm"><IMG BORDER=0 SRC="1.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="two.htm"><IMG BORDER=0 SRC="2.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="three.htm"><IMG BORDER=0 SRC="3.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="four.htm"><IMG BORDER=0 SRC="4.jpg"></A></TD>
</TR>
</TABLE>
</CENTER>

</BODY>
</HTML>


Sorry page is not public so can't allow access.

Thanks
David Barham

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@swx.com] 
Sent: 08 November 2005 07:38
To: users@httpd.apache.org
Subject: RE: [users@httpd] repeated authentication requests

Plain text please...

First, what does "...from a windows AD" mean? Are you accessing the page via apache or locally
via the filesystem?

Regarding the problem;
- how is your protected realm configured? (don't post the whole config - just the relevant
section)
- do you have more than one realm?
- what is the path to the images (are they in the same dir are the page or a separate image
dir)?
- is the image dir also a protected realm?
- are there any redirect rules in force?

Confusing behaviour like this can arise if you happen to nest realms (eg, /dir1 is a realm
and then you configure /dir1/subdir as a realm also) or if you redirect resources from one
realm to another parallel realm.

Is the page on the public internet? Can we have a look?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

-----Original Message-----
From: Barham, David [mailto:barhamd@ugs.com]
Sent: Montag, 7. November 2005 19:08
To: users@httpd.apache.org
Subject: [users@httpd] repeated authentication requests


I'm running Apache 2.0.52 on RHEL 2 (EM64T)
I've installed mod_auth_pam and have got the user authentication working correctly from a
windows AD.
However, I'm finding that I'm getting asked to re-authenticate multiple times.
 
In a simple example I might get a page index.html with multiple images. The index.html downloads
but then the next entry in the httpd log is a 401 for image1.gif. My browser prompts (again)
for username/password but even while it is waiting for a response I see GETs for image2.gif,
image3.gif etc.
 
If I cancel the username/password dialog box and then refresh the browser I get the gif which
was missing the first time around but this time get the 401 on a different image. It seems
to always be the second GET which causes this.
 
Has anyone seen this?
 
Thanks
David Barham

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen-
bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature.
It is not related to the exchange or business activities of the SWX Group. Le présent e-mail
est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. No confidentiality or privilege is waived or lost by any
mistransmission. If you receive this message in error, please notify the sender urgently and
then immediately delete the message and any copies of it from your system. Please also immediately
destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the intended recipient.
The sender's company reserves the right to monitor all e-mail communications through their
networks. Any views expressed in this message are those of the individual sender, except where
the message states otherwise and the sender is authorised to state them to be the views of
the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message