We recently installed AuthenNTLM where I work, and ran into the POST problems described in the thread at http://marc.theaimsgroup.com/?t=103177365400006&r=1&w=2.

After looking through a couple of network traces I think I've found the problem. It appears that after IE authenticates via NTLM, it sends type 1 messages for subsequent requests during a keepalive session. This is fine and dandy unless you're sending a POST request - when it sends the type 1 message, it also sends a "Content-length: 0", and doesn't append the POST data. Since the browser has successfully authenticated itself earlier in the keepalive session, AuthenNTLM validates the request and a POST with no accompanying POST data gets passed to the server.

Attached is a patch against the 0.21 release that fixes this behavior (in our environment, at any rate). I know very little about NTLM authentication and mod_perl coding, so the patch may not be entirely correct.

--- /usr/local/perl/lib/site_perl/5.6.1/sun4-solaris/Apache/AuthenNTLM.pm Thu Nov 7 17:29:15 2002 +++ ./AuthenNTLM.pm Tue Sep 3 11:03:04 2002 @@ -502,21 +502,9 @@ $conn -> user($self->{mappedusername}) ; # we accecpt the user because we are on the same connection - $type = $self -> get_msg ($r); - print STDERR "[$$] AuthenNTLM: OK because same connection pid = $$, connection = $$conn cuser = " . - $conn -> user . ' ip = ' . $conn -> remote_ip . 'hash = ' . $self -> {usernthash} . "\n" if ($debug) ; - - - # IE (5.5, 6.0, probably others) can send a type 1 message - # after authenticating on the same connection. This is a - # problem for POST messages, because IE also sends a - # "Content-length: 0" with no POST data. - if (! $self -> {ntlm} || (defined ($type) && $type == 3) ) - { - return OK ; - } - # Else fall through to the authentication below. - + print STDERR "[$$] AuthenNTLM: OK because same connection pid = $$, +connection = $$conn cuser = " . + $conn -> user . ' ip = ' . $conn -> remote_ip . "\n" +if ($debug) ; + return OK ; } }
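
Review bot: the diff direction looks reversed. The `-` lines carry the IE type 1 workaround (the `get_msg` call and the `$type == 3` test) while the `+` lines restore the unconditional `return OK`, and the `---` file is the installed copy with the later timestamp. As posted, the patch removes the check rather than adding it; regenerate it with the unmodified 0.21 file as the first argument to diff. Separately, the debug line on the workaround side appends `'hash = ' . $self -> {usernthash}` to the STDERR output, which writes the user's NT hash to the error log whenever debug is on. Drop that field from the message; as written, `'hash = '` also lacks a leading space and runs into the IP address.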
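
The check described in the message above, as a stand-alone added example (not code from the post or from AuthenNTLM itself): it reads the NTLM message type out of an `Authorization` header and decides whether a request on an already-authenticated keepalive connection can be accepted. The helper names and the sample headers are constructed for illustration, and the "no NTLM header means accept" branch is an assumption modelled on the `! $self -> {ntlm}` test in the patch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64 encode_base64);

# Message type (1, 2 or 3) of an "NTLM <base64>" Authorization value,
# or undef when the value is absent, not NTLM, or malformed.
sub ntlm_msg_type {
    my ($header) = @_;
    return undef unless defined $header && $header =~ /^NTLM\s+(\S+)\s*$/i;
    my $raw = decode_base64($1);
    # Every NTLM message starts with "NTLMSSP\0" followed by a
    # little-endian 32-bit message type.
    return undef unless length($raw) >= 12 && substr($raw, 0, 8) eq "NTLMSSP\0";
    return unpack('V', substr($raw, 8, 4));
}

# Hypothetical helper: decision for a request that arrives on a connection
# which has already completed NTLM authentication.
sub same_connection_action {
    my ($header) = @_;
    # No NTLM header: the browser is relying on the earlier handshake.
    return 'accept' unless defined $header && $header =~ /^NTLM\s/i;
    my $type = ntlm_msg_type($header);
    # Type 3 completes a handshake; the request carries its real body.
    return 'accept' if defined $type && $type == 3;
    # Type 1 (or anything malformed): the client is starting over, and a
    # POST sent this way has "Content-length: 0", so run the handshake
    # again instead of handing an empty POST to the application.
    return 'rehandshake';
}

# Constructed sample headers, not captured traffic.
my $type1 = 'NTLM ' . encode_base64("NTLMSSP\0" . pack('V2', 1, 0xb203), '');
my $type3 = 'NTLM ' . encode_base64("NTLMSSP\0" . pack('V', 3) . ("\0" x 52), '');

for my $case (
    [ 'POST, no Authorization header',   undef  ],
    [ 'POST, type 1, Content-length: 0', $type1 ],
    [ 'POST, type 3, body attached',     $type3 ],
) {
    printf "%-34s -> %s\n", $case->[0], same_connection_action($case->[1]);
}
```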