httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dragon <dra...@crimson-dragon.com>
Subject Re: [users@httpd] Multiple Authentication
Date Fri, 03 Aug 2007 21:45:13 GMT
Brian Weed wrote:
>I'm using Apache v2.2.4 (on Windows Server 2003) and
>I'm trying to use both SSPI and Basic Authentication
>together so that both Domain and non-domain users can
>log in to my Trac Wiki site.
>
>Withi this config:
>
><LocationMatch "/cgi-bin/trac.cgi/[^/]+/login">
>
>   # Domain Login
>
>   AuthName "my domain"
>
>   AuthType SSPI
>   SSPIAuth On
>   SSPIAuthoritative Off
>   SSPIDomain MYDOMAIN
>   SSPIOfferBasic On
>   SSPIOfferSSPI Off
>   SSPIOmitDomain On
>   SSPIPerRequestAuth On
>
>  # Non-domain login
>   AuthType Basic
>   AuthBasicAuthoritative Off
>   AuthUserFile D:/wikis/trac.htpasswd
>
>   Require valid-user
>
></LocationMatch>
>
>It only allows Domain users to log in.  Its not
>falling back to Basic via AuthUserFile.
>If I turn off SSPI, then it allows Basic Auth (but
>obviously not Domain login).
>
>Searching the web, I've found a few people with
>similar problems, but no real solution:
>
>http://svn.haxx.se/users/archive-2006-09/1384.shtml
>and
>http://www.svnforum.org/2017/viewtopic.php?p=11517
>
>The error I get in the error.log is: "...Logon
>failure: unknown user name or bad password.  : user
>MYDOMAIN\\nondomainuser: authentication failure for
>"/cgi-bin/trac.cgi/foo/login"
>
>So, it seems as though it's always prepending the
>domain, even when falling back to Basic, or its not
>falling back at all.
>
>Is there some other module I have to install to
>support falling back?
>Any ideas as to what else I may be doing wrong?
>
---------------- End original message. ---------------------

Just a thought... (caveat being I have not messed with anything 
beyond basic authentication).

What about having two different virtual hosts serving as entry points 
to this application which both point to the same application directory?

I think by doing that you can have one of the authentication methods 
associated with one virtual host and the other with the second virtual host.

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message