httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pieter Vanmeerbeek" <pie...@vanmeerbeek.net>
Subject [users@httpd] Header set & WWW-Authenticate
Date Wed, 26 Sep 2007 10:00:09 GMT
Hi,

I'm working with the following setup : 

Client <-- internet--> apache reverse proxy <--lan--> owa 2003 with NTLM &
basic  authenticaton activated

When using this setup the NTLM authentication is chosen by a browser on the
client instead of the basic authentication.
My goal is to use basic authentication and to disable NTLM authentication.
Unfortunalty due to circumstances I cannot disable it on the owa server
itself.
Hence I was searching for a way to achief the same result using the reverse
proxy.

In the apache doc I found the Header directive which allows modification of
headers if they exist.
So I'm getting the following headers from  the IIS :

WWW-Authenticate: Negotiate 
WWW-Authenticate: NTLM 
WWW-Authenticate: Basic realm="x.x.x.x"

And I want to only comminicate the basic one to the client.

When using Header unset WWW-Authenticate all headers are removed resulting
in an error since no authentication is performed.
So I wanted to use the Header edit option which allows modification in the
header exists

Header edit WWW-Authenticate: ^NTLM dummy


Unfortunatly doing this results in removal of all WWW-Authenticate headers
except for the Negotiate instead of modification of the headers.
Headers sent to client : 
WWW-Authenticate: Negotiate


Can anyone help me and tell me what I'm doing wrong?

Kind regards
Pieter



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message