Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ModPerl: ModPerl

Apache2::AuthenNTLM 0.02 - BASIC password problem when using punctuation?

 

 

ModPerl modperl RSS feed   Index | Next | Previous | View Threaded


Kristen.Glynn at virginaustralia

Jan 15, 2012, 8:19 PM

Post #1 of 1 (935 views)
Permalink
Apache2::AuthenNTLM 0.02 - BASIC password problem when using punctuation?

Hi,

I've noticed that when using password "Blahblah_" I can not authenticate against a webserver protected by Apache2::AuthenNTLM using BASIC auth - other passwords I have tried are "Blahblah." / "Blahblah#" - if I change the users password to "password" everything works fine.

Why is this happening? See below.

wget --auth-no-challenge -d --no-proxy --http-user="citrixtest1" --http-password="Blahblah_" http://server/location_protected_by_AuthenNTLM/

---request begin---
GET /location_protected_by_AuthenNTLM/ HTTP/1.0
User-Agent: Wget/1.11.4 Red Hat modified
Accept: */*
Authorization: Basic Y2l0cml4dGVzdDE6QmxhaGJsYWhf
Host: server
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 401 Authorization Required
Date: Mon, 16 Jan 2012 04:06:59 GMT
Server: Apache
WWW-Authenticate: Basic realm="TEST"
Content-Length: 401
Keep-Alive: timeout=600, max=10000
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

---response end---
401 Authorization Required

If I log into my domain controller and change the password to "password" it works fine.

wget --auth-no-challenge -d --no-proxy --http-user="citrixtest1" --http-password="password" http://server/location_protected_by_AuthenNTLM/

---request begin---
GET /location_protected_by_AuthenNTLM/ HTTP/1.0
User-Agent: Wget/1.11.4 Red Hat modified
Accept: */*
Authorization: Basic Y2l0cml4dGVzdDI6cGFzc3dvcmQ=
Host: server
Connection: Keep-Alive

---request end---
HTTP request sent, awaiting response...
---response begin---
HTTP/1.1 200 OK
Date: Mon, 16 Jan 2012 04:10:49 GMT
Server: Apache
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-control: no-store
Cache-control: max-age=0
Content-Length: 739
Keep-Alive: timeout=600, max=10000
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1

---response end---
200 OK

My apache config looks like so..

<Location "/location_protected_by_AuthenNTLM">
# Enable the Authentication module
PerlAuthenHandler Apache2::AuthenNTLM

# Do NTLM and basic authentication
AuthType ntlm,basic

# The name that should be displayed in the Auth box, if NTLM fails
AuthName TEST

# Ask for a valid user.
require valid-user

# Format: domain pdc bdc
# Domain : Your windows domain
# pdc : Primary Domain Controller
# bdc : Backup Domain controller

# Note : Multiple domains can be specified.

PerlAddVar ntdomain "TEST iskdc01 iskdc02"

# What should be the default domain
PerlSetVar defaultdomain TEST
PerlSetVar fallbackdomain TEST

# The user names are in the form "OURDOMAIN\user_name". Let us split it.
PerlSetVar splitdomainprefix 0

# Set the debug variables
PerlSetVar ntlmdebug 2
PerlSetVar ntlmauthoritative on
PerlSetVar ntlmsemtimeout 5
</Location>


[Description: http://www.virginblue.com.au/_images/internal/email/virginaustralia.gif]

Kris Glynn | Systems Engineer
PO Box 1034 Spring Hill QLD Australia 4004
P 07 3295 3987 | M 0434 602 997
E kristen.glynn [at] virginaustralia www.virginaustralia.com<http://www.virginaustralia.com/>
Virgin Australia group of airlines including Virgin Australia,
V Australia, Pacific Blue and Polynesian Blue

Please consider the environment before printing this email.

[Description: http://www.virginblue.com.au/_images/internal/email/spacer.gif]








The content of this e-mail, including any attachments, is a confidential communication between Virgin Australia, Pacific Blue or a related entity (or the sender if this email is a private communication) and the intended addressee and is for the sole use of that intended addressee. If you are not the intended addressee, any use, interference with, disclosure or copying of this material is unauthorized and prohibited. If you have received this e-mail in error please contact the sender immediately and then delete the message and any attachment(s). There is no warranty that this email is error, virus or defect free. This email is also subject to copyright. No part of it should be reproduced, adapted or communicated without the written consent of the copyright owner. If this is a private communication it does not represent the views of Virgin Australia, Pacific Blue or their related entities. Please be aware that the contents of any emails sent to or from Virgin Australia, Pacific Blue or their related entities may be periodically monitored and reviewed. Virgin Australia, Pacific Blue and their related entities respect your privacy. Our privacy policy can be accessed from our website: www.virginaustralia.com
Attachments: image003.gif (4.95 KB)
  image005.png (0.16 KB)
  image006.png (0.18 KB)

ModPerl modperl RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.