Re: Multiple ssh login prompts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Boyle Owen wrote:
-----Original Message-----
From: Patrick Horgan [mailto:phorgan1@xxxxxxxxx] Sent: Wednesday, January 06, 2010 6:41 AM
To: users@xxxxxxxxxxxxxxxx
Subject:  Multiple ssh login prompts

On a site that I set up on fedora, https://ootbcomp.com, which brings you to a mediawiki installation, there are ten ssl login prompts each above the other, so if you log in to one of them, the next one down in the stack appears in my firefox browser. If I log in ten times I get the site, if I log in once and cancel the other nine I get one pane of the site and a refresh in the browser gets the whole site. After that I'm not prompted again unless I restart the browser of course. Does anyone have any idea what I did? I've never seen this behavior before. The system:

How are your Basic Auth realms defined? Do you have a single realm with
all content within? Or many parallel realms? Or nested realms?
Just one, set up in the Directory for wiki.  Here's my ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
   DocumentRoot "/var/www/https"
   DefineExternalAuth pwauth pipe /usr/local/libexec/pwauth
   ErrorLog logs/ssl_error_log
   TransferLog logs/ssl_access_log
   LogLevel warn
   SSLEngine on
   SSLProtocol all -SSLv2
   SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
   SSLCertificateFile /etc/pki/tls/certs/ootbcomp.crt
   SSLCertificateKeyFile /etc/pki/tls/private/ootbcomp.key
   <Files ~ "\.(cgi|shtml|phtml|php3?)$">
       SSLOptions +StdEnvVars
   </Files>
   <Directory "/var/www/https/">
       Allow From All
       AuthBasicProvider external
       AuthBasicAuthoritative Off
       AuthType Basic
       AuthName "Password Required"
       AuthExternal pwauth
       Options FollowSymLinks
       Require valid-user
   </Directory>
   <Directory "/var/www/https/cgi-bin">
       SSLOptions +StdEnvVars
   </Directory>
   Include /etc/httpd/conf.d/mailman.conf
   SetEnvIf User-Agent ".*MSIE.*" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
   CustomLog logs/ssl_request_log \
             "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
   ScriptAlias /cgi-bin "/var/www/https/cgi-bin/"
   Include /etc/httpd/conf.d/millwiki.include
</VirtualHost>

It includes inside the virtual host the mailman configuration and the wiki configuration.
Here's the mailman.conf:

ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
   AllowOverride None
   Options ExecCGI
   Order allow,deny
   Allow from all
</Directory>
Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
   Options Indexes MultiViews FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all
   AddDefaultCharset Off
</Directory>
RedirectMatch ^/mailman[/]*$ http://s2.ootbcomp.com/mailman/listinfo

and here's the millwiki.conf

 Alias /wiki       /home/ootbc/site/https/htdocs/mediawiki/index.php
 Alias /index.php  /home/ootbc/site/https/htdocs/mediawiki/index.php
 <Directory "/home/ootbc/site/https/htdocs/mediawiki">
     Options Indexes MultiViews FollowSymLinks
     AllowOverride None
     Order allow,deny
     Allow from all
 </Directory>
 <Directory "/home/ootbc/site/https/htdocs/mediawiki/upload">
    AllowOverride None
    AddType text/plain .html .htm .shtml
 </Directory>
 <Directory /home/ootbc/site/https/htdocs/mediawiki/config>
         Options -FollowSymLinks
         AllowOverride None
 </Directory>
 <Directory /home/ootbc/site/https/htdocs/mediawiki/images>
         Options -FollowSymLinks
         AllowOverride None
 </Directory>
 RewriteEngine on
RewriteRule ^/wiki/en/(.*)$ /home/ootbc/site/https/htdocs/mediawiki/wiki.phtml?title=$1

You mention "panes" so I guess that components of the site are loaded
with dojo ContentPanes or iframes or similar? If so, how do the hrefs
look? Do they have absolute URLs
(href="https://ootbcomp.com/path/to/content";) or relative links
(href="/path/to/content")?
The wiki seems to only use relative for it's content, certainly so for this initial load. The gets upon connecting unauthenticated (from ssl_request_log) are:

99.61.74.22 - - [06/Jan/2010:09:52:12 -0800] "GET /wiki/Main_Page HTTP/1.1" 200 7309 99.61.74.22 - - [06/Jan/2010:09:52:24 -0800] "GET /mediawiki/index.php?title=MediaWiki:Monobook.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000 HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:28 -0800] "GET /mediawiki/skins/common/shared.css?207 HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:34 -0800] "GET /mediawiki/skins/common/commonPrint.css?207 HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:38 -0800] "GET /mediawiki/index.php?title=-&action=raw&maxage=18000&gen=css HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:40 -0800] "GET /mediawiki/skins/monobook/main.css?207 HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:40 -0800] "GET /mediawiki/skins/common/ajax.js?207 HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET /mediawiki/skins/common/wikibits.js?207 HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET /mediawiki/index.php?title=-&action=raw&gen=js&useskin=monobook HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:42 -0800] "GET /mediawiki/index.php?title=MediaWiki:Common.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000 HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:43 -0800] "GET /favicon.ico HTTP/1.1" 401 480 99.61.74.22 - - [06/Jan/2010:09:52:46 -0800] "GET /mediawiki/index.php?title=MediaWiki:Print.css&usemsgcache=yes&ctype=text%2Fcss&smaxage=18000&action=raw&maxage=18000 HTTP/1.1" 401 480

You see that there are 13 of them for which I receive 10 requests for username and password.

Patrick


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux