Clayton Hicklin wrote:
[...]
After doing some more reading, I really think this isn't going to work how I
want.
There, I think you are basically right.
IE is never going to send the password in clear (or even encoded as
Base64), unless you use Basic authentication, and in my opinion that
impl
On Wed, Sep 17, 2008 at 4:56 AM, André Warnier <[EMAIL PROTECTED]> wrote:
> Clayton Hicklin wrote:
>
>> On Tue, Sep 16, 2008 at 4:21 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>>
>> I'm beginning to think
>
we're chasing our tails. IE is going to pass the credentials in NTLM
for
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 4:21 PM, André Warnier <[EMAIL PROTECTED]> wrote:
I'm beginning to think
we're chasing our tails. IE is going to pass the credentials in NTLM
format, I believe. Even if we got the username right, I'm thinking maybe
the password won't be readab
On Tue, Sep 16, 2008 at 4:25 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> Clayton Hicklin wrote:
>
>> On Tue, Sep 16, 2008 at 4:05 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>>
>> Clayton Hicklin wrote:
>>>
>>> On Tue, Sep 16, 2008 at 3:35 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>>
On Tue, Sep 16, 2008 at 4:21 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>
>>> I'm beginning to think
>
>> we're chasing our tails. IE is going to pass the credentials in NTLM
>> format, I believe. Even if we got the username right, I'm thinking maybe
>> the password won't be readable by mod_
Maybe not directly relevant, but just before I forget, this place has a
lot of information about IE HTTP NTLM authentication (apart from
providing a free Tomcat module to do it too) :
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
---
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 4:05 PM, André Warnier <[EMAIL PROTECTED]> wrote:
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 3:35 PM, André Warnier <[EMAIL PROTECTED]> wrote:
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 3:11 PM, André Warnier <[EMAIL PROTECTED]> wrote
I'm beginning to think
we're chasing our tails. IE is going to pass the credentials in NTLM
format, I believe. Even if we got the username right, I'm thinking maybe
the password won't be readable by mod_authn_ldap. I don't know.
IE can do either of 3 things, as far as I know :
1) if it i
On Tue, Sep 16, 2008 at 4:05 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> Clayton Hicklin wrote:
>
>> On Tue, Sep 16, 2008 at 3:35 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>>
>> Clayton Hicklin wrote:
>>>
>>> On Tue, Sep 16, 2008 at 3:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>>
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 3:35 PM, André Warnier <[EMAIL PROTECTED]> wrote:
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 3:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 2:40 PM, Clayton Hicklin <[EMAIL PROTECTED]>
wr
On Tue, Sep 16, 2008 at 4:00 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> Clayton Hicklin wrote:
>
>> On Tue, Sep 16, 2008 at 3:37 PM, Eric Covener <[EMAIL PROTECTED]> wrote:
>>
>> So, it looks like I need mod_setenvif, right? Could anybody write a
>
quick
>>>
directive that woul
This is a "trusted" site, which, according to the Windows Integrated
Authentication docs, means that IE will happily send the authentication
credentials, but I would be more inclined to think that they will just not
be in the right format for mod_authnz_ldap to handle. What's weird is that
it is d
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 3:37 PM, Eric Covener <[EMAIL PROTECTED]> wrote:
So, it looks like I need mod_setenvif, right? Could anybody write a
quick
directive that would look at REMOTE_USER to see if there is a backslash
("\"), and if there is, set the same variable to e
Eric Covener wrote:
On Tue, Sep 16, 2008 at 4:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
RequestHeader edit REMOTE_USER ^(?:[^\\]+\\)(.+)$ $1
the regexp should mean (if really it's a perl regexp) :
- for the first () group, match but do not capture
- match (potentially) from the beginning,
On Tue, Sep 16, 2008 at 3:35 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> Clayton Hicklin wrote:
>
>> On Tue, Sep 16, 2008 at 3:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>>
>> Clayton Hicklin wrote:
>>>
>>> On Tue, Sep 16, 2008 at 2:40 PM, Clayton Hicklin <[EMAIL PROTECTED]>
wrote:
André Warnier wrote:
Eric Covener wrote:
So, it looks like I need mod_setenvif, right? Could anybody write a
quick
directive that would look at REMOTE_USER to see if there is a backslash
("\"), and if there is, set the same variable to everything
following the
backslash? I think this would
On Tue, Sep 16, 2008 at 3:37 PM, Eric Covener <[EMAIL PROTECTED]> wrote:
> >> So, it looks like I need mod_setenvif, right? Could anybody write a
> quick
> >> directive that would look at REMOTE_USER to see if there is a backslash
> >> ("\"), and if there is, set the same variable to everything f
On Tue, Sep 16, 2008 at 4:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> RequestHeader edit REMOTE_USER ^(?:[^\\]+\\)(.+)$ $1
>
> the regexp should mean (if really it's a perl regexp) :
> - for the first () group, match but do not capture
> - match (potentially) from the beginning, anything befo
Eric Covener wrote:
So, it looks like I need mod_setenvif, right? Could anybody write a quick
directive that would look at REMOTE_USER to see if there is a backslash
("\"), and if there is, set the same variable to everything following the
backslash? I think this would solve my problem. I woul
>> So, it looks like I need mod_setenvif, right? Could anybody write a quick
>> directive that would look at REMOTE_USER to see if there is a backslash
>> ("\"), and if there is, set the same variable to everything following the
>> backslash? I think this would solve my problem. I would rather u
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 3:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 2:40 PM, Clayton Hicklin <[EMAIL PROTECTED]>
wrote:
"So what I believe in this case, is that the LDAP module might, possibly,
rely on the "REMOTE_
On Tue, Sep 16, 2008 at 3:25 PM, Clayton Hicklin <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 16, 2008 at 3:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
>
>> Clayton Hicklin wrote:
>>
>>> On Tue, Sep 16, 2008 at 2:40 PM, Clayton Hicklin <[EMAIL PROTECTED]>
>>> wrote:
>>>
>>> "So what I believe in
On Tue, Sep 16, 2008 at 3:11 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> Clayton Hicklin wrote:
>
>> On Tue, Sep 16, 2008 at 2:40 PM, Clayton Hicklin <[EMAIL PROTECTED]>
>> wrote:
>>
>> "So what I believe in this case, is that the LDAP module might, possibly,
>>> rely on the "REMOTE_USER" head
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 2:40 PM, Clayton Hicklin <[EMAIL PROTECTED]> wrote:
"So what I believe in this case, is that the LDAP module might, possibly,
rely on the "REMOTE_USER" header that IE is sometimes sending when the user
is authenticated in the domain. And that one
On Tue, Sep 16, 2008 at 2:40 PM, Clayton Hicklin <[EMAIL PROTECTED]> wrote:
> "So what I believe in this case, is that the LDAP module might, possibly,
> rely on the "REMOTE_USER" header that IE is sometimes sending when the user
> is authenticated in the domain. And that one indeed would probabl
"So what I believe in this case, is that the LDAP module might, possibly,
rely on the "REMOTE_USER" header that IE is sometimes sending when the user
is authenticated in the domain. And that one indeed would probably contain
the domain and user. If that is the case, then a simple manipulation of
Clayton Hicklin wrote:
On Tue, Sep 16, 2008 at 1:28 PM, André Warnier <[EMAIL PROTECTED]> wrote:
Clayton Hicklin wrote:
[...]
Clayton,
Your first communication was a bit summarised, so I did not know to
which extent you knew the underlying tidbits, from there my fist answer.
I am currently
On Tue, Sep 16, 2008 at 1:28 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> Clayton Hicklin wrote:
>
>> I have LDAP authentication against Active Directory working perfectly in
>> Firefox, but my problem is with IE. IE automatically passes through the
>> username and password so once you are logg
On Tue, Sep 16, 2008 at 1:27 PM, Prasanna Ram Venkatachalam <
[EMAIL PROTECTED]> wrote:
> I guess there is SSPIOmitDomain directive which can be turned Off, to
> include the domain as well along with user name.
>
> (in mod_auth_sspi)
> Regards
> Prasanna Ram
>
>
> On Tue, Sep 16, 2008 at 11:53 PM,
Clayton Hicklin wrote:
I have LDAP authentication against Active Directory working perfectly in
Firefox, but my problem is with IE. IE automatically passes through the
username and password so once you are logged into the domain, you don't have
to type it in again.
That's great, except it is pa
I guess there is SSPIOmitDomain directive which can be turned Off, to
include the domain as well along with user name.
(in mod_auth_sspi)
Regards
Prasanna Ram
On Tue, Sep 16, 2008 at 11:53 PM, Clayton Hicklin <[EMAIL PROTECTED]>wrote:
> On Tue, Sep 16, 2008 at 1:22 PM, Clayton Hicklin <[EMAIL PR
On Tue, Sep 16, 2008 at 1:22 PM, Clayton Hicklin <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 16, 2008 at 10:58 AM, Davide Bianchi <[EMAIL PROTECTED]>wrote:
>
>> Clayton Hicklin wrote:
>> > I have LDAP authentication against Active Directory working perfectly in
>> > Firefox, but my problem is with IE
On Tue, Sep 16, 2008 at 10:58 AM, Davide Bianchi <[EMAIL PROTECTED]>wrote:
> Clayton Hicklin wrote:
> > I have LDAP authentication against Active Directory working perfectly in
> > Firefox, but my problem is with IE. IE automatically passes through the
> > username and password so once you are lo
On Tue, Sep 16, 2008 at 11:44 AM, Eric Covener <[EMAIL PROTECTED]> wrote:
> On Tue, Sep 16, 2008 at 11:40 AM, Clayton Hicklin <[EMAIL PROTECTED]>
> wrote:
> > As far as I can tell, the \ prefix is not stored anywhere inside
> the
> > user object, so there is no way to authenticate with the credent
On Tue, Sep 16, 2008 at 11:40 AM, Clayton Hicklin <[EMAIL PROTECTED]> wrote:
> As far as I can tell, the \ prefix is not stored anywhere inside the
> user object, so there is no way to authenticate with the credentials that IE
> provides.
>
> Has anybody got this working? Is there some sort of wor
Clayton Hicklin wrote:
> I have LDAP authentication against Active Directory working perfectly in
> Firefox, but my problem is with IE. IE automatically passes through the
> username and password so once you are logged into the domain, you don't
> have to type it in again.
See if this http://www.
I have LDAP authentication against Active Directory working perfectly in
Firefox, but my problem is with IE. IE automatically passes through the
username and password so once you are logged into the domain, you don't have
to type it in again.
That's great, except it is passed through as \. To do
37 matches
Mail list logo