Hello Russell,

Smithies, Russell wrote, On 07/17/2012 05:41 PM:
> It appears that NTLM isn't passing the HTTP_REMOTE_USER through for us.
> Anyone else struck this and found a solution?
> Our apache config looks like this:
>     <Location "/">
>       AuthName "Galaxy"
>       NTLMAuth on
>       NTLMAuthHelper "/usr/bin/ntlm_auth --helper-protocol=squid-2.5-ntlmssp"
>       NTLMBasicAuthoritative on
>       AuthType NTLM
>       require valid-user
>     # Take the $REMOTE_USER environment variable and set it as a header in 
> the proxy request.
>       RewriteCond %{IS_SUBREQ} ^false$
>       RewriteCond %{LA-U:REMOTE_USER} (.+)
>       RewriteRule . - [E=RU:%1]
>       RequestHeader set REMOTE_USER %{RU}e
>     </Location>


> '(null)'

One voodoo solution that worked for me (not with NTLM, but exactly with the 
same '(null)' symptom)
is to take the entire "RewriteCond" part outside of the <Location> block.
Put it in the global configuration file, after the <Location> part, but before 
the proxy statement.

Also, the exact incantation that worked for me (after many many trials and 
errors) is:
RewriteRule . - [E=RU:%{LA-U:REMOTE_USER}]
RequestHeader set REMOTE_USER %{RU}e

It's voodoo (to me) because it probably has something to do with deep apache 
internals, relating to execution order of the authentication module vs the 
"mod_rewrite" parts (and the "LA-U" [Look-ahead] thing sure doesn't help to 
make it clearer...).


Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:


Reply via email to