Re: [users@httpd] Multiple Authentication

Fri, 03 Aug 2007 14:46:32 -0700 

Brian Weed wrote:

I'm using Apache v2.2.4 (on Windows Server 2003) and
I'm trying to use both SSPI and Basic Authentication
together so that both Domain and non-domain users can
log in to my Trac Wiki site.

Withi this config:

<LocationMatch "/cgi-bin/trac.cgi/[^/]+/login">

  # Domain Login

  AuthName "my domain"

  AuthType SSPI
  SSPIAuth On
  SSPIAuthoritative Off
  SSPIDomain MYDOMAIN
  SSPIOfferBasic On
  SSPIOfferSSPI Off
  SSPIOmitDomain On
  SSPIPerRequestAuth On

 # Non-domain login
  AuthType Basic
  AuthBasicAuthoritative Off
  AuthUserFile D:/wikis/trac.htpasswd

  Require valid-user

</LocationMatch>

It only allows Domain users to log in.  Its not
falling back to Basic via AuthUserFile.
If I turn off SSPI, then it allows Basic Auth (but
obviously not Domain login).

Searching the web, I've found a few people with
similar problems, but no real solution:

http://svn.haxx.se/users/archive-2006-09/1384.shtml
and
http://www.svnforum.org/2017/viewtopic.php?p=11517

The error I get in the error.log is: "...Logon
failure: unknown user name or bad password.  : user
MYDOMAIN\\nondomainuser: authentication failure for
"/cgi-bin/trac.cgi/foo/login"

So, it seems as though it's always prepending the
domain, even when falling back to Basic, or its not
falling back at all.

Is there some other module I have to install to
support falling back?
Any ideas as to what else I may be doing wrong?


---------------- End original message. ---------------------
Just a thought... (caveat being I have not messed with anything beyond basic authentication).
What about having two different virtual hosts serving as entry points to this application which both point to the same application directory?
I think by doing that you can have one of the authentication methods associated with one virtual host and the other with the second virtual host. 

Dragon

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Venimus, Saltavimus, Bibimus (et naribus canium capti sumus)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
  "   from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to