RE: [users@httpd] repeated authentication requests

Barham, David Tue, 08 Nov 2005 01:43:55 -0800

Apache is running on the RHEL4 linux box. I'm using mod_auth_pam to 
authenticate the users against a windows AD. (i.e. apache prompts for 
username/password which is then past to PAM to authenticate via pam_smb.


At the moment I've only got one realm, so the relevant bits of httpd.conf read:-

LoadModule auth_pam_module modules/mod_auth_pam.so
LoadModule auth_sys_group_module modules/mod_auth_sys_group.so

Alias /tmp/barhamd "/tmp/barhamd/"
<Directory "/tmp/barhamd">
AuthName "PAM DB area"
AuthType "basic"
require group sdtsd
</Directory>

/etc/pam.d/httpd contains
auth       required     /lib64/security/pam_smb_auth.so debug nolocal
account    required     /lib64/security/pam_permit.so

/etc/pam_smb.conf contains
{windows domain name}
{DC of domain name}

Index.html and 1.gif - 5.gif all sit in /tmp/barhamd 

My /var/log/httpd/access_log shows
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/ HTTP/1
.1" 200 769 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CL
R 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/2.jpg H
TTP/1.1" 401 476 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE 6
.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/1.jpg H
TTP/1.1" 200 1043 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/3.jpg H
TTP/1.1" 200 1316 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET /tmp/barhamd/4.jpg H
TTP/1.1" 200 1248 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE

And after re-entering my username/password ---

6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
134.244.154.125 - barhamd [08/Nov/2005:09:36:36 +0000] "GET /tmp/barhamd/2.jpg H
TTP/1.1" 200 1339 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 (compatible; MSIE
6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"

The html for index.html is 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<HTML>
<HEAD>
<TITLE>Home Page</TITLE>
</HEAD>

<P>
<CENTER>
<TABLE BORDER=0 CELLSPACING=4 CELLPADDING=2>
<TR ALIGN=left>
        <TD><A HREF="one.htm"><IMG BORDER=0 SRC="1.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="two.htm"><IMG BORDER=0 SRC="2.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="three.htm"><IMG BORDER=0 SRC="3.jpg"></A></TD>
</TR>
<TR ALIGN=left>
        <TD><A HREF="four.htm"><IMG BORDER=0 SRC="4.jpg"></A></TD>
</TR>
</TABLE>
</CENTER>

</BODY>
</HTML>


Sorry page is not public so can't allow access.

Thanks
David Barham

-----Original Message-----
From: Boyle Owen [mailto:[EMAIL PROTECTED] 
Sent: 08 November 2005 07:38
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] repeated authentication requests

Plain text please...

First, what does "...from a windows AD" mean? Are you accessing the page via 
apache or locally via the filesystem?

Regarding the problem;
- how is your protected realm configured? (don't post the whole config - just 
the relevant section)
- do you have more than one realm?
- what is the path to the images (are they in the same dir are the page or a 
separate image dir)?
- is the image dir also a protected realm?
- are there any redirect rules in force?

Confusing behaviour like this can arise if you happen to nest realms (eg, /dir1 
is a realm and then you configure /dir1/subdir as a realm also) or if you 
redirect resources from one realm to another parallel realm.

Is the page on the public internet? Can we have a look?

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

-----Original Message-----
From: Barham, David [mailto:[EMAIL PROTECTED]
Sent: Montag, 7. November 2005 19:08
To: users@httpd.apache.org
Subject: [EMAIL PROTECTED] repeated authentication requests


I'm running Apache 2.0.52 on RHEL 2 (EM64T)
I've installed mod_auth_pam and have got the user authentication working 
correctly from a windows AD.
However, I'm finding that I'm getting asked to re-authenticate multiple times.
 
In a simple example I might get a page index.html with multiple images. The 
index.html downloads but then the next entry in the httpd log is a 401 for 
image1.gif. My browser prompts (again) for username/password but even while it 
is waiting for a response I see GETs for image2.gif, image3.gif etc.
 
If I cancel the username/password dialog box and then refresh the browser I get 
the gif which was missing the first time around but this time get the 401 on a 
different image. It seems to always be the second GET which causes this.
 
Has anyone seen this?
 
Thanks
David Barham

Diese E-mail ist eine private und persönliche Kommunikation. Sie hat keinen 
Bezug zur Börsen- bzw. Geschäftstätigkeit der SWX Gruppe. This e-mail is of a 
private and personal nature. It is not related to the exchange or business 
activities of the SWX Group. Le présent e-mail est un message privé et 
personnel, sans rapport avec l'activité boursière du Groupe SWX.
 
 
This message is for the named person's use only. It may contain confidential, 
proprietary or legally privileged information. No confidentiality or privilege 
is waived or lost by any mistransmission. If you receive this message in error, 
please notify the sender urgently and then immediately delete the message and 
any copies of it from your system. Please also immediately destroy any 
hardcopies of the message. You must not, directly or indirectly, use, disclose, 
distribute, print, or copy any part of this message if you are not the intended 
recipient. The sender's company reserves the right to monitor all e-mail 
communications through their networks. Any views expressed in this message are 
those of the individual sender, except where the message states otherwise and 
the sender is authorised to state them to be the views of the sender's company.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [users@httpd] repeated authentication requests

Reply via email to