RE: NT-Apache authorization.....URGENT

Fri, 3 Dec 1999 07:07:36 -0800 

----------------------------------------------------------------
BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
WHEN YOU POST, include all relevant version numbers, log files,
and configuration files.  Don't make us guess your problem!!!
----------------------------------------------------------------

Sorry no, I had the references at work - easy enough to find with altavista - just try 
"+web +ntlm +security"

You're right though - in an intranet ntlm is relatively safe and convenient. Your 
firewall should strip any ntmlm authentication
information from getting to the outside.

***********************************************************
Brett Knights                             626-432-5767 work
[EMAIL PROTECTED]                 626-355-1017 home
***********************************************************


> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of SeJo
> Sent: Friday, December 03, 1999 6:37 AM
> To: Java Apache Users
> Subject: Re: NT-Apache authorization.....URGENT
>
>
> ----------------------------------------------------------------
> BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> WHEN YOU POST, include all relevant version numbers, log files,
> and configuration files.  Don't make us guess your problem!!!
> ----------------------------------------------------------------
>
> Brett,
>
> thank for advice....I was considering that too, but am pretty
> sure that wont
> happen in this environment (small intranet).
>
> You mentioned some decent web sites.......but i see no track
> of them in your
> mail......can you (re)send them please?
>
> thanks again
>
> SeJo
>
> ----- Original Message -----
> From: Brett Knights <[EMAIL PROTECTED]>
> To: 'Java Apache Users' <[EMAIL PROTECTED]>
> Sent: Friday, December 03, 1999 3:28 PM
> Subject: RE: NT-Apache authorization.....URGENT
>
>
> > ----------------------------------------------------------------
> > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> > WHEN YOU POST, include all relevant version numbers, log files,
> > and configuration files.  Don't make us guess your problem!!!
> > ----------------------------------------------------------------
> >
> > Whoa!
> > Think carefully before you start flying your ntlm passwords
> around the
> net.
> > If your concern is BasicAuthentication vs. NTLM I'd highly
> recommend using
> SSL.
> >
> > When I looked at this I found a few decent web sites that
> address the
> topic. Check them out.
> > Remember if someone captures an Apache password they can
> still only mess
> with what is controlled by apache. IF someone captures an
> > NTLM token for a user that can write to the registry they
> can mess with
> your server.
> >
> >
> > ***********************************************************
> > Brett Knights                             626-432-5767 work
> > [EMAIL PROTECTED]                 626-355-1017 home
> > ***********************************************************
> >
> >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf
> Of Philippe
> > > Johan 999900280
> > > Sent: Thursday, December 02, 1999 2:36 AM
> > > To: SeJo; Java Apache Users
> > > Subject: Re:NT-Apache authorization.....URGENT
> > >
> > >
> > > ----------------------------------------------------------------
> > > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> > > WHEN YOU POST, include all relevant version numbers, log files,
> > > and configuration files.  Don't make us guess your problem!!!
> > > ----------------------------------------------------------------
> > >
> > > SeJo,
> > >
> > > concerning authorization, have a look at the module mod_ntlm at
> > > http://www.ozemail.com.au/~timcostello/mod_ntlm/
> > > (you can find it also in the modules.apache.org catalog).
> > >
> > > Now as to fetch the user name or something else, I think that'll
> > > depend on the module you use for authentication.
> > >
> > > regards,
> > >
> > > Johan Philippe
> > > E&Y Consulting
> > >
> > > SeJo:
> > > ----------------------------------------------------------------
> > > BEFORE YOU POST, search the faq at <http://java.apache.org/faq/>
> > > WHEN YOU POST, include all relevant version numbers, log files,
> > > and configuration files.  Don't make us guess your problem!!!
> > > ----------------------------------------------------------------
> > >
> > > Hello,
> > >
> > > I am using ApacheWebServer and JServ on NT 4.0 and would like
> > > to configure
> > > it (apache) to use the NT passwords for authorization. I
> > > still didn't find
> > > the right module for doing so........
> > >
> > > But, the most important question is:
> > >
> > > How can I fetch the apache user name from the servlet code,
> > > once the user is
> > > logged in using the apache authorization (no matter which one
> > > (files, DB's
> > > ..NT))?
> > >
> > > help,help,help.....
> > >
> > >
> > > SeJo
> > >
> > > ------------------------------------------------------------
> > > Selim Cesic
> > > Synes N.V.
> > >
> > > Email: [EMAIL PROTECTED]
> > > Home: http://www.synes.com
> > >
> > > ------------------------------------------------------------
> > >
> > >
> > >
> > >
> > > --
> > > --------------------------------------------------------------
> > > Please read the FAQ! <http://java.apache.org/faq/>
> > > To subscribe:        [EMAIL PROTECTED]
> > > To unsubscribe:      [EMAIL PROTECTED]
> > > Archives and Other:  <http://java.apache.org/main/mail.html>
> > > Problems?:           [EMAIL PROTECTED]
> > >
> > >
> > >
> > >
> > > --
> > > --------------------------------------------------------------
> > > Please read the FAQ! <http://java.apache.org/faq/>
> > > To subscribe:        [EMAIL PROTECTED]
> > > To unsubscribe:      [EMAIL PROTECTED]
> > > Archives and Other:  <http://java.apache.org/main/mail.html>
> > > Problems?:           [EMAIL PROTECTED]
> > >
> > >
> >
> >
> >
> > --
> > --------------------------------------------------------------
> > Please read the FAQ! <http://java.apache.org/faq/>
> > To subscribe:        [EMAIL PROTECTED]
> > To unsubscribe:      [EMAIL PROTECTED]
> > Archives and Other:  <http://java.apache.org/main/mail.html>
> > Problems?:           [EMAIL PROTECTED]
> >
>
>
>
> --
> --------------------------------------------------------------
> Please read the FAQ! <http://java.apache.org/faq/>
> To subscribe:        [EMAIL PROTECTED]
> To unsubscribe:      [EMAIL PROTECTED]
> Archives and Other:  <http://java.apache.org/main/mail.html>
> Problems?:           [EMAIL PROTECTED]
>



--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe:        [EMAIL PROTECTED]
To unsubscribe:      [EMAIL PROTECTED]
Archives and Other:  <http://java.apache.org/main/mail.html>
Problems?:           [EMAIL PROTECTED]

Reply via email to