Re: Header set & WWW-Authenticate

["Neelam Kumar Sharma" <neelam_sharma@xxxxxxxxxxxxxxxx>]

I think you need to change the setting on IIS webserver. Navigate as follow
virtual directory of your website -> Directory Security ->edit. Check the basic Authentication and uncheck the Integrated Window Authentication. Restart the webserver.

 

Neelam Kumar Sharma

PSPL PUNE INDIA

 

 

----- Original Message -----

From: "Pieter Vanmeerbeek" <pieter@xxxxxxxxxxxxxxx>

To: <users@xxxxxxxxxxxxxxxx>

Sent: Wednesday, September 26, 2007 3:30 PM

Subject: Header set & WWW-Authenticate

> Hi,
> 
> I'm working with the following setup : 
>
> Client <-- internet--> apache reverse proxy <--lan--> owa
2003 with NTLM &
> basic  authenticaton activated
>
> When using this setup the NTLM authentication is chosen by a browser on
the
> client instead of the basic authentication.
> My goal is to
use basic authentication and to disable NTLM authentication.
>
Unfortunalty due to circumstances I cannot disable it on the owa server
>
itself.
> Hence I was searching for a way to achief the same result using
the reverse
> proxy.
> 
> In the apache doc I found the Header
directive which allows modification of
> headers if they exist.
> So
I'm getting the following headers from  the IIS :
> 
>
WWW-Authenticate: Negotiate 
> WWW-Authenticate: NTLM 
>
WWW-Authenticate: Basic realm="x.x.x.x"
> 
> And I want to only
comminicate the basic one to the client.
> 
> When using Header
unset WWW-Authenticate all headers are removed resulting
> in an error
since no authentication is performed.
> So I wanted to use the Header edit
option which allows modification in the
> header exists
> 
>
Header edit WWW-Authenticate: ^NTLM dummy
> 
> 
> Unfortunatly
doing this results in removal of all WWW-Authenticate headers
> except for
the Negotiate instead of modification of the headers.
> Headers sent to
client : 
> WWW-Authenticate: Negotiate
> 
> 
> Can
anyone help me and tell me what I'm doing wrong?
> 
> Kind
regards
> Pieter
> 
> 
> 
>
---------------------------------------------------------------------
>
The official User-To-User support forum of the Apache HTTP Server
Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>    "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>

DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Pvt. Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Pvt. Ltd. does not accept any liability for virus infected mails.