RE: [users@httpd] repeated authentication requests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Apache is running on the RHEL4 linux box. I'm using mod_auth_pam to authenticate the users against a windows AD. (i.e. apache prompts for username/password which is then past to PAM to authenticate via pam_smb.

At the moment I've only got one realm, so the relevant bits of httpd.conf read:-

LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so

Alias /tmp/barhamd "/tmp/barhamd/"
<Directory "/tmp/barhamd">
AuthName "PAM DB area"
AuthType "basic"
require group sdtsd
</Directory>

/etc/pam.d/httpd contains
auth       required     /lib64/security/pam_smb_auth.so debug nolocal
account    required     /lib64/security/pam_permit.so

/etc/pam_smb.conf contains
{windows domain name}
{DC of domain name}

Index.html and 1.gif - 5.gif all sit in /tmp/barhamd 

My /var/log/httpd/access_log shows
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/ HTTP/1
.1" 200 769 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CL
R 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/2.jpg H
TTP/1.1" 401 476 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE 6
.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/1.jpg H
TTP/1.1" 200 1043 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/3.jpg H
TTP/1.1" 200 1316 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/4.jpg H
TTP/1.1" 200 1248 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE

And after re-entering my username/password ---

6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:36 +0000] "GET /tmp/barhamd/2.jpg H
TTP/1.1" 200 1339 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

The html for index.html is 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<HTML>
<HEAD>
<TITLE>Home Page</TITLE>
</HEAD>

<P>
<CENTER>
<TABLE BORDER=0 CELLSPACING=4 CELLPADDING=2>
<TR ALIGN=left>
        <TD><A HREF="one.htm"><IMG BORDER=0 SRC="1.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="two.htm"><IMG BORDER=0 SRC="2.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="three.htm"><IMG BORDER=0 SRC="3.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="four.htm"><IMG BORDER=0 SRC="4.jpg"></A></TD>
</TR>
</TABLE>
</CENTER>

</BODY>
</HTML>


Sorry page is not public so can't allow access.

Thanks
David Barham

-----Original Message-----
From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx] 
Sent: 08 November 2005 07:38
To: users@xxxxxxxxxxxxxxxx
Subject: RE: [users@httpd] repeated authentication requests

Plain text please...

First, what does "...from a windows AD" mean? Are you accessing the page via apache or locally via the filesystem?

Regarding the problem;
- how is your protected realm configured? (don't post the whole config - just the relevant section)
- do you have more than one realm?
- what is the path to the images (are they in the same dir are the page or a separate image dir)?
- is the image dir also a protected realm?
- are there any redirect rules in force?

Confusing behaviour like this can arise if you happen to nest realms (eg, /dir1 is a realm and then you configure /dir1/subdir as a realm also) or if you redirect resources from one realm to another parallel realm.

Is the page on the public internet? Can we have a look?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

-----Original Message-----
From: Barham, David [mailto:barhamd@xxxxxxx]
Sent: Montag, 7. November 2005 19:08
To: users@xxxxxxxxxxxxxxxx
Subject: [users@httpd] repeated authentication requests


I'm running Apache 2.0.52 on RHEL 2 (EM64T)
I've installed mod_auth_pam and have got the user authentication working correctly from a windows AD.
However, I'm finding that I'm getting asked to re-authenticate multiple times.
 
In a simple example I might get a page index.html with multiple images. The index.html downloads but then the next entry in the httpd log is a 401 for image1.gif. My browser prompts (again) for username/password but even while it is waiting for a response I see GETs for image2.gif, image3.gif etc.
 
If I cancel the username/password dialog box and then refresh the browser I get the gif which was missing the first time around but this time get the 401 on a different image. It seems to always be the second GET which causes this.
 
Has anyone seen this?
 
Thanks
David Barham

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a private and personal nature. It is not related to the exchange or business activities of the SWX Group. Le présent e-mail est un message privé et personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. The sender's company reserves the right to monitor all e-mail communications through their networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux