RE: Pound symbol encoding issue?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi Jeff,

Unfortunately it looks like the forums and bug reporter for that module are pretty inactive so I’m not sure there’s anybody monitoring them.

 

Cheers,

Andi

 

From: Jeff Trawick [mailto:trawick@xxxxxxxxx]
Sent: 24 June 2014 15:26
To: users@xxxxxxxxxxxxxxxx
Subject: Re: [users@httpd] Pound symbol encoding issue?

 

On Tue, Jun 24, 2014 at 9:19 AM, Morris, Andi <amorris@xxxxxxxxxxxxxxxx> wrote:

Hi,
We are having some authentication issues with Apache if a user has a £ symbol as part of their password. The error_log shows:
(OS 1326)Logon failure: unknown user name or bad password

When the same user removes the pound symbol from the password they are authenticated with no issues.

The setup is:
TMG publishes our Shibboleth server externally and present the user with a form for Forms Based Authentication. Shibboleth uses an Apache virtual server called Remote User to handle the authentication.

The problem only occurs when the users login from outside our network, via TMG and the Apache Remote User vhost.
The same TMG form is used to publish our sharepoint and other internal resources, and the issue does not occur there when using the same test user.

The parts of the config that I can see that are relevant are:
<Location /idp/Authn/RemoteUser>
    AuthName "Identity Provider"
    AuthType SSPI
    SSPIAuth On

 

Have you checked with the mod_auth_sspi folks?  (mailing list or bug db)  I suspect that this is an issue with that third-party module.  Perhaps someone here can help, but a resource specific to mod_auth_sspi would probably yield better results.

 

If you can duplicate the error with some simple httpd-bundled authentication module (e.g., mod_authn_file), open a bug against httpd and provide the test case.

 

 

    SSPIAuthoritative On
    SSPIOfferBasic On
    SSPIOmitDomain On
    SSPIPerRequestAuth On
    SSPIUsernameCase lower
    require valid-user
</Location>

I've read around about forcing the basic authentication using:
SSPIBasicPreferred On
So I'm going to give that a try overnight (I can only restart the apache service out of hours frustratingly).

I'm happy to post up any obfuscated config files that might be required to help resolve this. I'm pretty new to Apache but willing to provide whatever is required.

Does anyone have any suggestions for why the apache server doesn't seem to like the pound symbol?

Cheers,
Andi

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



 

--

Born in Roswell... married an alien...
http://emptyhammock.com/

 

[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux