httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [users@httpd] Sspi login prompts - enable more than one
Date Mon, 22 Sep 2008 20:06:23 GMT
Gallardo, Lisa wrote:
> I have sspi module enabled on website (windows 2003, apache 2.0) and
> have googled to figure out how to get the login prompt to prompt at
> least 3 times (if incorrect password submitted) but so far only get one
> prompt and then error page of no access which freaks folks out. Plus,
> they can't go back or refresh page because it's set in their cookies.
> 
> Is there somewhere in the httpd.conf file I can set more than one login
> prompt for the site?
> 
To answer you second question first : I don't think so.  This kind of 
thing is more likely due to the browser settings.

But there is something else that bothers me above :
When you use something like sspi, it is usually because you want the 
users browsers, in an Intranet that is also a Windows Domain, to be able 
to authenticate to the Apache webserver using their Windows Domain 
user-id (which is already known to the workstation at that point, since 
they have already logged in to the Windows Domain).

In that context, when the login dialog even appears once in the browser, 
it is already an indication of a failure.
It means that the (automatic) Windows authentication has failed, and 
that the browser is "falling back" to Basic authentication.  And since 
the server will not accept this form of authentication, the browser 
login will *never* succeed. No matter how often the login dialog comes back.

Now, assuming your users are in an Intranet and a Windows Domain, I 
would first check the configuration of the browsers, and particularly a 
checkbox somewhere (in IE) saying "Allow Windows Integrated Authentication".

And if the browsers are not directly inside the Domain, then you may 
also want to add your webserver's hostname to the list of "trusted hosts".

Try again then and let us know.




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message