Hey folks, I just got NTLM authentication working on one of my Red Hat 5.4 machines thanks to this module. Oh thank god, you wouldn't believe how many different methods I had tried until this module worked.
I did have a few things that I had to change to get it working: 1) I had to comment out the 'use strict' in AuthenNTLM.pm, lest it complain about barewords not allowed while 'strict subs' in use 2) I had to change Apache to Apache2 in the 'if (MP2)' require statements, which I'm sure is how I built it or something specific to my distribution. Regardless, not a big deal. 3) I had to change 'use mod_perl' to 'use mod_perl2' However, I'm seeing that HTTP basic auth isn't being tried if NTLM fails (I never get an auth popup, Nagios just acts as if it didn't get a username). From the docs, I would expect the following settings within the Apache Location: PerlSetVar ntlmauthoritative off PerlSetVar basicauthoritative on would tell it to try NTLM, and if that fails, use basic auth. I never get an authorization box. I have tried all permutations of "off" and "on" with both directives, and they all behave the same - if NTLM fails, I am not authorized. The specs: Red Hat 5.4 Apache 2.2.3 (via RHEL RPM) mod_perl 2.0.4 (via RHEL RPM) Apache-AuthenNTLM v 2.10 downloaded from CPAN and installed by hand (perl Makefile.pl ; make ; make test ; make install) and then AuthenNTLM.pm tweaked: --- ../Apache-AuthenNTLM-2.10/AuthenNTLM.pm 2005-02-07 09:51:57.000000000 -0600 +++ ./AuthenNTLM.pm 2010-04-15 11:05:07.000000000 -0500 @@ -16,7 +16,7 @@ package Apache::AuthenNTLM ; -use strict ; +#use strict ; use vars qw{$cache $VERSION %msgflags1 %msgflags2 %msgflags3 %invflags1 %invflags2 %invflags3 $addr $port $debug} ; $VERSION = 2.10 ; @@ -66,7 +66,7 @@ ############################################ # here is where we start the new code.... ############################################ -use mod_perl ; +use mod_perl2 ; # use Apache::Constants qw(:common); # setting the constants to help identify which version of mod_perl @@ -76,13 +76,13 @@ # test for the version of mod_perl, and use the appropriate libraries BEGIN { if (MP2) { - require Apache::Const ; - require Apache::Access ; - require Apache::Connection ; - require Apache::Log ; - require Apache::RequestRec ; - require Apache::RequestUtil ; - require Apache::RequestIO ; + require Apache2::Const ; + require Apache2::Access ; + require Apache2::Connection ; + require Apache2::Log ; + require Apache2::RequestRec ; + require Apache2::RequestUtil ; + require Apache2::RequestIO ; require APR::Table ; require APR::SockAddr ; Apache::Const->import(-compile => 'HTTP_UNAUTHORIZED','HTTP_IN ERNAL_SERVER_ERROR','DECLINED','HTTP_FORBIDDEN','OK') ; Now, it appears that the 'PerlSetVar basicauthoritative' section of the pod is a copy-n-paste from ntlmauthoritative and hasn't been corrected; am I reading too much into what I think should be there? Thanks for any help you can give me! Benny -- Me: 'How big a monster can you take out with one of those? Would you win a fight with Godzilla?' Jim: 'You could disassemble Godzilla at a range of seven miles.' -- Blog entry about the 76mm Melera, a gun on a US Navy Perry-class frigate that Somali pirates tried to seize -- Me: 'How big a monster can you take out with one of those? Would you win a fight with Godzilla?' Jim: 'You could disassemble Godzilla at a range of seven miles.' -- Blog entry about the 76mm Melera, a gun on a US Navy Perry-class frigate that Somali pirates tried to seize