On Fri, Mar 26, 2010 at 12:23 PM, Chris Franks <chris.franks@xxxxxxxxxxxxxxx> wrote: > Hi, > > We're experiencing problems authenticating users with complex characters (8 bit character outside the us-ascii set e.g. pound-sterling symbol) in their password. > > We're running Apache 2.2.3 on UNIX and, for Kerberos, running kinit from the command line authenticates users correctly (including users with complex characters in their password). Through Apache though using Kerberos or LDAP, we're getting login failures only for this subset of users. For LDAP authentication, mod_authz_ldap logs: > > [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] bind as CN=user,OU=Users,DC=ncl,DC=ac,DC=uk failed: 49 > [Fri Mar 26 14:24:33 2010] [error] [client 128.240.56.105] [10639] basic LDAP authentication of user 'user' failed > > This would suggest that some translation of the password between the basic-auth and the LDAP server is not working. Because we can use kinit successfully on the command line for Kerberos I'm pretty much ruling out the operating system (CENTOS) and was wondering if anyone has any experience of this kind of problem with Apache? mod_authnz_ldap has some code that allows Apache to try to guess what non-utf8 charset the username or password (development branch only I believe) might have been transmitted in. See https://issues.apache.org/bugzilla/show_bug.cgi?id=45318 or http://httpd.apache.org/docs/2.1/mod/mod_authnz_ldap.html#authldapcharsetconfig -- Eric Covener covener@xxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|