Just an idea - use "normal" authentication (use AuthUserFile - see docs for details) and see if it works. That will eliminate an apache config problem and clearly identify PAM as the culprit... Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > -----Original Message----- > From: Barham, David [mailto:barhamd@xxxxxxx] > Sent: Dienstag, 8. November 2005 12:52 > To: users@xxxxxxxxxxxxxxxx > Subject: RE: [users@httpd] repeated authentication requests > > > Usual document root is /var/www/html. I wanted to do the > testing somewhere else and /tmp/{my user} seemed like a good idea. > > Usually on for the first time I go to the secure pages after > starting a browser I get a 401 on the first page. Then, when > I authenticate I typically get a number of images down. Then, > if I go to another page I get a further 401, usually on the > first image to be loaded onto the page. However it is not > consistent and appears to happen pretty random. The 200 is > appearing as I went back to a page. > > I have just noticed that in the access_log in these > circumstances I see > > [Tue Nov 08 11:46:56 2005] [info] (104)Connection reset by > peer: core_output_filter: writing data to the network > [Tue Nov 08 11:46:56 2005] [error] [client 134.244.154.125] > PAM: user 'barhamd' - not authenticated: Authentication > failure, referer: http://cbrlux13/secure/teams/bodyshop/PSB_Menu.htm > [Tue Nov 08 11:46:56 2005] [error] [client 134.244.154.125] > PAM: user 'barhamd' - not authenticated: Authentication > failure, referer: http://cbrlux13/secure/teams/bodyshop/PSB_Menu.htm > [Tue Nov 08 11:46:56 2005] [info] (104)Connection reset by > peer: core_output_filter: writing data to the network > [Tue Nov 08 11:46:56 2005] [info] (104)Connection reset by > peer: core_output_filter: writing data to the network > [Tue Nov 08 11:47:08 2005] [info] (104)Connection reset by > peer: core_output_filter: writing data to the network > > So it looks like PAM is somehow failing to authenticate > against the DC. > > David > > -----Original Message----- > From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx] > Sent: 08 November 2005 11:39 > To: users@xxxxxxxxxxxxxxxx > Subject: RE: [users@httpd] repeated authentication requests > > > > > -----Original Message----- > > From: Barham, David [mailto:barhamd@xxxxxxx] > > > Alias /tmp/barhamd "/tmp/barhamd/" > > What is the point of this directive? > Is /tmp/barhamd/ the full path to a directory? > > > > My /var/log/httpd/access_log shows > > 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET > > /tmp/barhamd/ HTTP/1 > > .1" 200 769 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows > > NT 5.1; SV1; .NET CL > > R 1.1.4322)" > > 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET > > /tmp/barhamd/2.jpg H > > TTP/1.1" 401 476 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 > > I don't understand your URLs... http://cbrlux13/tmp/barhamd/ > implies that you have Docroot set to "/" - is that so? > > Also, why do you get a 200 on the first hit to GET > /tmp/barhamd/ ? You should get a 401 here so the browser > prompts for credentials. > > Restart the browser and try again. > > Rgds, > Owen Boyle > Disclaimer: Any disclaimer attached to this message may be ignored. > > > (compatible; MSIE 6 > > .0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" > > 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET > > /tmp/barhamd/1.jpg H > > TTP/1.1" 200 1043 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 > > (compatible; MSIE > > 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" > > 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET > > /tmp/barhamd/3.jpg H > > TTP/1.1" 200 1316 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 > > (compatible; MSIE > > 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" > > 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET > > /tmp/barhamd/4.jpg H > > TTP/1.1" 200 1248 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 > > (compatible; MSIE > > > > And after re-entering my username/password --- > > > > 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" > > 134.244.154.125 - barhamd [08/Nov/2005:09:36:36 +0000] "GET > > /tmp/barhamd/2.jpg H > > TTP/1.1" 200 1339 "http://cbrlux13/tmp/barhamd/" "Mozilla/4.0 > > (compatible; MSIE > > 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" > > > > The html for index.html is > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN"> > > <HTML> > > <HEAD> > > <TITLE>Home Page</TITLE> > > </HEAD> > > > > <P> > > <CENTER> > > <TABLE BORDER=0 CELLSPACING=4 CELLPADDING=2> > > <TR ALIGN=left> > > <TD><A HREF="one.htm"><IMG BORDER=0 SRC="1.jpg"></A></TD> > > </TR> > > <TR ALIGN=left> > > <TD><A HREF="two.htm"><IMG BORDER=0 SRC="2.jpg"></A></TD> > > </TR> > > <TR ALIGN=left> > > <TD><A HREF="three.htm"><IMG BORDER=0 SRC="3.jpg"></A></TD> > > </TR> > > <TR ALIGN=left> > > <TD><A HREF="four.htm"><IMG BORDER=0 SRC="4.jpg"></A></TD> > > </TR> > > </TABLE> > > </CENTER> > > > > </BODY> > > </HTML> > > > > > > Sorry page is not public so can't allow access. > > > > Thanks > > David Barham > > > > -----Original Message----- > > From: Boyle Owen [mailto:Owen.Boyle@xxxxxxx] > > Sent: 08 November 2005 07:38 > > To: users@xxxxxxxxxxxxxxxx > > Subject: RE: [users@httpd] repeated authentication requests > > > > Plain text please... > > > > First, what does "...from a windows AD" mean? Are you > > accessing the page via apache or locally via the filesystem? > > > > Regarding the problem; > > - how is your protected realm configured? (don't post the > > whole config - just the relevant section) > > - do you have more than one realm? > > - what is the path to the images (are they in the same dir > > are the page or a separate image dir)? > > - is the image dir also a protected realm? > > - are there any redirect rules in force? > > > > Confusing behaviour like this can arise if you happen to nest > > realms (eg, /dir1 is a realm and then you configure > > /dir1/subdir as a realm also) or if you redirect resources > > from one realm to another parallel realm. > > > > Is the page on the public internet? Can we have a look? > > > > Rgds, > > Owen Boyle > > Disclaimer: Any disclaimer attached to this message may be ignored. > > > > -----Original Message----- > > From: Barham, David [mailto:barhamd@xxxxxxx] > > Sent: Montag, 7. November 2005 19:08 > > To: users@xxxxxxxxxxxxxxxx > > Subject: [users@httpd] repeated authentication requests > > > > > > I'm running Apache 2.0.52 on RHEL 2 (EM64T) > > I've installed mod_auth_pam and have got the user > > authentication working correctly from a windows AD. > > However, I'm finding that I'm getting asked to > > re-authenticate multiple times. > > > > In a simple example I might get a page index.html with > > multiple images. The index.html downloads but then the next > > entry in the httpd log is a 401 for image1.gif. My browser > > prompts (again) for username/password but even while it is > > waiting for a response I see GETs for image2.gif, image3.gif etc. > > > > If I cancel the username/password dialog box and then refresh > > the browser I get the gif which was missing the first time > > around but this time get the 401 on a different image. It > > seems to always be the second GET which causes this. > > > > Has anyone seen this? > > > > Thanks > > David Barham > > > > Diese E-mail ist eine private und persönliche Kommunikation. > > Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der > > SWX Gruppe. This e-mail is of a private and personal nature. > > It is not related to the exchange or business activities of > > the SWX Group. Le présent e-mail est un message privé et > > personnel, sans rapport avec l'activité boursière du Groupe SWX. > > > > > > This message is for the named person's use only. It may > > contain confidential, proprietary or legally privileged > > information. No confidentiality or privilege is waived or > > lost by any mistransmission. If you receive this message in > > error, please notify the sender urgently and then immediately > > delete the message and any copies of it from your system. > > Please also immediately destroy any hardcopies of the > > message. You must not, directly or indirectly, use, disclose, > > distribute, print, or copy any part of this message if you > > are not the intended recipient. The sender's company reserves > > the right to monitor all e-mail communications through their > > networks. Any views expressed in this message are those of > > the individual sender, except where the message states > > otherwise and the sender is authorised to state them to be > > the views of the sender's company. > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP > > Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > > --------------------------------------------------------------------- > > The official User-To-User support forum of the Apache HTTP > > Server Project. > > See <URL:http://httpd.apache.org/userslist.html> for more info. > > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP > Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx > > --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx