Hi Vsevolod,
> I have a small glitch with Smb authentication in apache. Basically, if
> I have a frames page in the protected directory, the server asks for
> the password twice.
The problem is that your web browser is able to send a request for the two
frames in parallel. So the web server gets two web page hits at exactly
the same time and tries to authenticate them both using the login and password
that the browser sent. NT basically can't deal with more than
one login/password check at any given moment. (I don't know how long that
moment is but it appears to be pretty long). The Authen::Smb code which
Apache::AuthenSmb is based on has a very serious bug which treats the
error code NT gives back as a NTV_LOGON_ERROR which makes
Apache::AuthenSmb think that the login has failed. This is
then sent back to the browser which pops up the authentication dialogue
box.
Apache::AuthenSmb needs to be patched so that it returns a NTV_SERVER_ERROR
when it's too busy to deal with another authentication check. The
following code fixes the bug:
patch smbval/valid.c -
43a44,48
> if( SMBlib_errno == SMBlibE_RecvFailed )
> {
> /* Server too busy to handle response */
> return(NTV_SERVER_ERROR);
> }
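Review bot: the early return added at the "SMBlib_errno == SMBlibE_RecvFailed" check reports every failed receive as NTV_SERVER_ERROR, while its comment says only "Server too busy to handle response"; reword the comment to match the condition, and confirm that anything this function opened before line 44 is released on this path the same way as on its other error returns, which the hunk does not show. Callers then have to treat NTV_SERVER_ERROR as an unanswered check (deny or retry), never as a successful login. An ed-style hunk with no context lines is also fragile to apply; a unified diff against a named Authen::Smb version would be easier for a maintainer to take.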
I submitted this patch to the Authen::Smb over a year ago and got an
immediate response that he got the fix and would shortly provide an update.
Since then he has either been unable or unwilling to return any of my
other attempts to contact him and he has not (last I checked) produced a
patched copy of Authen::Smb. I even respectfully offered to take over the
ownership of the Authen::Smb module which also received no answer.
I think Randal and others high in the Perl community listen to this list.
What would they suggest I do? I could patch the code and release it under
a different name but I am concerned that might cause more confusion than
it's worth.
Hope that helps answer your question.
Cheers,
Joshua
P.S. This is not a complete solution to your problem. Once you patch the
Authen::Smb code you will need to update Apache::AuthenSmb to try other
Domain controllers or sleep for a few seconds before trying again. I also
have code for this which I have submitted to the legal department to get
it released to the public.
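
The retry behaviour the P.S. describes, sketched in C as an added example; it is not Joshua's unreleased code and not part of Authen::Smb or Apache::AuthenSmb. The smb_check_fn callback, smb_check_with_retry, the numeric values given to the NTV_ names, and the fake controller with its names and password are all assumptions constructed for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Result names as in the post; the numeric values are assumptions. */
enum { NTV_NO_ERROR = 0, NTV_SERVER_ERROR = 1, NTV_LOGON_ERROR = 3 };

/* Hypothetical signature: one login/password check against one controller. */
typedef int (*smb_check_fn)(const char *user, const char *pass,
                            const char *controller, const char *domain);

/* Only NTV_SERVER_ERROR is retried: next controller, then sleep and start
 * over. Any other result is definitive and returned at once. If nobody ever
 * answers, the result stays NTV_SERVER_ERROR: deny, but not "bad password". */
int smb_check_with_retry(smb_check_fn check, const char *user, const char *pass,
                         const char *const *dcs, size_t n_dcs,
                         const char *domain, int rounds, unsigned pause_s)
{
    for (int r = 0; r < rounds; r++) {
        for (size_t i = 0; i < n_dcs; i++) {
            int rc = check(user, pass, dcs[i], domain);
            if (rc != NTV_SERVER_ERROR)
                return rc;
        }
        if (r + 1 < rounds && pause_s > 0)
            sleep(pause_s);   /* give the busy controller time to recover */
    }
    return NTV_SERVER_ERROR;
}

/* Constructed stand-in for the controllers: busy for the first busy_calls
 * checks, then accepts only the constructed password "s3cret". */
static int busy_calls, calls_made;
static int fake_check(const char *user, const char *pass,
                      const char *controller, const char *domain)
{
    (void)user; (void)controller; (void)domain;
    calls_made++;
    if (busy_calls > 0) { busy_calls--; return NTV_SERVER_ERROR; }
    return strcmp(pass, "s3cret") == 0 ? NTV_NO_ERROR : NTV_LOGON_ERROR;
}

int demo(int busy, const char *pass)   /* two constructed controllers, two rounds */
{
    const char *const dcs[] = { "PDC1", "BDC1" };
    busy_calls = busy; calls_made = 0;
    return smb_check_with_retry(fake_check, "alice", pass, dcs, 2, "DOM", 2, 0);
}
int main(void) { printf("%d %d\n", demo(1, "s3cret"), demo(9, "s3cret")); return 0; }
```

A wrong password is returned on the first call and never retried, so the retry loop does not multiply failed logon attempts against the account.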