RE: [users@httpd] repeated authentication requests

Tue, 08 Nov 2005 03:52:12 -0800 

Usual document root is /var/www/html. I wanted to do the testing somewhere else 
and /tmp/{my user} seemed like a good idea.

Usually on for the first time I go to the secure pages after starting a browser 
I get a 401 on the first page. Then, when I authenticate I typically get a 
number of images down. Then, if I go to another page I get a further 401, 
usually on the first image to be loaded onto the page. However it is not 
consistent and appears to happen pretty random. The 200 is appearing as I went 
back to a page.

I have just noticed that in the access_log in these circumstances I see
 
[Tue Nov 08 11:46:56 2005] [info] (104)Connection reset by peer: 
core_output_filter: writing data to the network
[Tue Nov 08 11:46:56 2005] [error] [client 134.244.154.125] PAM: user 'barhamd' 
- not authenticated: Authentication failure, referer: 
http://cbrlux13/secure/teams/bodyshop/PSB_Menu.htm
[Tue Nov 08 11:46:56 2005] [error] [client 134.244.154.125] PAM: user 'barhamd' 
- not authenticated: Authentication failure, referer: 
http://cbrlux13/secure/teams/bodyshop/PSB_Menu.htm
[Tue Nov 08 11:46:56 2005] [info] (104)Connection reset by peer: 
core_output_filter: writing data to the network
[Tue Nov 08 11:46:56 2005] [info] (104)Connection reset by peer: 
core_output_filter: writing data to the network
[Tue Nov 08 11:47:08 2005] [info] (104)Connection reset by peer: 
core_output_filter: writing data to the network

So it looks like PAM is somehow failing to authenticate against the DC. 

David

-----Original Message-----
From: Boyle Owen [mailto:[EMAIL PROTECTED] 
Sent: 08 November 2005 11:39
To: users@httpd.apache.org
Subject: RE: [EMAIL PROTECTED] repeated authentication requests



> -----Original Message-----
> From: Barham, David [mailto:[EMAIL PROTECTED]

> Alias /tmp/barhamd "/tmp/barhamd/"

What is the point of this directive?
Is /tmp/barhamd/ the full path to a directory?


> My /var/log/httpd/access_log shows
> 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET 
> /tmp/barhamd/ HTTP/1
> .1" 200 769 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 
> NT 5.1; SV1; .NET CL
> R 1.1.4322)"
> 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET 
> /tmp/barhamd/2.jpg H
> TTP/1.1" 401 476 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 

I don't understand your URLs... http://cbrlux13/tmp/barhamd/ implies that you 
have Docroot set to "/" - is that so?

Also, why do you get a 200 on the first hit to GET /tmp/barhamd/ ? You should 
get a 401 here so the browser prompts for credentials.

Restart  the browser and try again.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> (compatible; MSIE 6
> .0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
> 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET 
> /tmp/barhamd/1.jpg H
> TTP/1.1" 200 1043 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 
> (compatible; MSIE
> 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
> 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET 
> /tmp/barhamd/3.jpg H
> TTP/1.1" 200 1316 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 
> (compatible; MSIE
> 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
> 134.244.154.125 - barhamd [08/Nov/2005:09:36:33 +0000] "GET 
> /tmp/barhamd/4.jpg H
> TTP/1.1" 200 1248 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 
> (compatible; MSIE
> 
> And after re-entering my username/password ---
> 
> 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
> 134.244.154.125 - barhamd [08/Nov/2005:09:36:36 +0000] "GET 
> /tmp/barhamd/2.jpg H
> TTP/1.1" 200 1339 "http://cbrlux13/tmp/barhamd/"; "Mozilla/4.0 
> (compatible; MSIE
> 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"
> 
> The html for index.html is 
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
> <HTML>
> <HEAD>
> <TITLE>Home Page</TITLE>
> </HEAD>
> 
> <P>
> <CENTER>
> <TABLE BORDER=0 CELLSPACING=4 CELLPADDING=2>
> <TR ALIGN=left>
>         <TD><A HREF="one.htm"><IMG BORDER=0 SRC="1.jpg"></A></TD>
> </TR>
> <TR ALIGN=left>
>         <TD><A HREF="two.htm"><IMG BORDER=0 SRC="2.jpg"></A></TD>
> </TR>
> <TR ALIGN=left>
>         <TD><A HREF="three.htm"><IMG BORDER=0 SRC="3.jpg"></A></TD>
> </TR>
> <TR ALIGN=left>
>         <TD><A HREF="four.htm"><IMG BORDER=0 SRC="4.jpg"></A></TD>
> </TR>
> </TABLE>
> </CENTER>
> 
> </BODY>
> </HTML>
> 
> 
> Sorry page is not public so can't allow access.
> 
> Thanks
> David Barham
> 
> -----Original Message-----
> From: Boyle Owen [mailto:[EMAIL PROTECTED] 
> Sent: 08 November 2005 07:38
> To: users@httpd.apache.org
> Subject: RE: [EMAIL PROTECTED] repeated authentication requests
> 
> Plain text please...
> 
> First, what does "...from a windows AD" mean? Are you 
> accessing the page via apache or locally via the filesystem?
> 
> Regarding the problem;
> - how is your protected realm configured? (don't post the 
> whole config - just the relevant section)
> - do you have more than one realm?
> - what is the path to the images (are they in the same dir 
> are the page or a separate image dir)?
> - is the image dir also a protected realm?
> - are there any redirect rules in force?
> 
> Confusing behaviour like this can arise if you happen to nest 
> realms (eg, /dir1 is a realm and then you configure 
> /dir1/subdir as a realm also) or if you redirect resources 
> from one realm to another parallel realm.
> 
> Is the page on the public internet? Can we have a look?
> 
> Rgds,
> Owen Boyle
> Disclaimer: Any disclaimer attached to this message may be ignored. 
> 
> -----Original Message-----
> From: Barham, David [mailto:[EMAIL PROTECTED]
> Sent: Montag, 7. November 2005 19:08
> To: users@httpd.apache.org
> Subject: [EMAIL PROTECTED] repeated authentication requests
> 
> 
> I'm running Apache 2.0.52 on RHEL 2 (EM64T)
> I've installed mod_auth_pam and have got the user 
> authentication working correctly from a windows AD.
> However, I'm finding that I'm getting asked to 
> re-authenticate multiple times.
>  
> In a simple example I might get a page index.html with 
> multiple images. The index.html downloads but then the next 
> entry in the httpd log is a 401 for image1.gif. My browser 
> prompts (again) for username/password but even while it is 
> waiting for a response I see GETs for image2.gif, image3.gif etc.
>  
> If I cancel the username/password dialog box and then refresh 
> the browser I get the gif which was missing the first time 
> around but this time get the 401 on a different image. It 
> seems to always be the second GET which causes this.
>  
> Has anyone seen this?
>  
> Thanks
> David Barham
> 
> Diese E-mail ist eine private und persönliche Kommunikation. 
> Sie hat keinen Bezug zur Börsen- bzw. Geschäftstätigkeit der 
> SWX Gruppe. This e-mail is of a private and personal nature. 
> It is not related to the exchange or business activities of 
> the SWX Group. Le présent e-mail est un message privé et 
> personnel, sans rapport avec l'activité boursière du Groupe SWX.
>  
>  
> This message is for the named person's use only. It may 
> contain confidential, proprietary or legally privileged 
> information. No confidentiality or privilege is waived or 
> lost by any mistransmission. If you receive this message in 
> error, please notify the sender urgently and then immediately 
> delete the message and any copies of it from your system. 
> Please also immediately destroy any hardcopies of the 
> message. You must not, directly or indirectly, use, disclose, 
> distribute, print, or copy any part of this message if you 
> are not the intended recipient. The sender's company reserves 
> the right to monitor all e-mail communications through their 
> networks. Any views expressed in this message are those of 
> the individual sender, except where the message states 
> otherwise and the sender is authorised to state them to be 
> the views of the sender's company.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>    "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP 
> Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
>    "   from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
   "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to