Re: Suspected Apache::AuthenNTLM Bug
> > With ColdFusion you can call the same page eg the line_main2.cfm can be > called from the line_main2.cfm with different parameters. Unfortunately > the client PC does not seem to pass the NTLM/Basic Authorization Header > the second time the page is called. > Maybe this is handled via a subrequest. To test this I send you the newest version. Please install it and set PerlSetVar ntlmdebug 2 run your request and send me the output from the httpd error log Gerald - Gerald Richterecos electronic communication services gmbh Internetconnect * Webserver/-design/-datenbanken * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: [EMAIL PROTECTED] Voice:+49 6133 925131 WWW:http://www.ecos.de Fax: +49 6133 925152 -
Re: Suspected Apache::AuthenNTLM Bug
Hi there, On 8 Nov 2002, Brett Hales wrote: > I believe that there is a bug in the Apache::AuthenNTLM module. Did you see this? 73, Ged. -- Date: Thu, 7 Nov 2002 17:46:15 -0600 (CST) From: Gerald Combs <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: NTLM Authentication patch We recently installed AuthenNTLM where I work, and ran into the POST problems described in the thread at http://marc.theaimsgroup.com/?t=10317736546&r=1&w=2 After looking through a couple of network traces I think I've found the problem. It appears that after IE authenticates via NTLM, it sends type 1 messages for subsequent requests during a keepalive session. This is fine and dandy unless you're sending a POST request - when it sends the type 1 message, it also sends a "Content-length: 0", and doesn't append the POST data. Since the browser has successfully authenticated itself earlier in the keepalive session, AuthenNTLM validates the request and a POST with no accompanying POST data gets passed to the server. Attached is a patch against the 0.21 release that fixes this behavior (in our environment, at any rate). I know very little about NTLM authentication and mod_perl coding, so the patch may not be entirely correct.
Suspected Apache::AuthenNTLM Bug
I believe that there is a bug in the Apache::AuthenNTLM module. Configuration: I have an Apache server with ColdFusion MX 6 installed, there is a requirement for NTLM authentication with the server. I implemented the PerlAuthenHandler Apache::AuthenNTLM to solve this problem. Problem: With ColdFusion you can call the same page eg the line_main2.cfm can be called from the line_main2.cfm with different parameters. Unfortunately the client PC does not seem to pass the NTLM/Basic Authorization Header the second time the page is called. An error appears in the error.log [Fri Nov 8 09:03:58 2002] [error] access to /cf_dev/objectives/line_main2.cfm failed for , reason: Bad/Missing NTLM/Basic Authorization Header for /cf_dev/objectives/line_main2.cfm Configuration: Apache::AuthenNTLM (version 0.21) Server version: Apache/1.3.27 (Unix) httpd.conf Alias /cf_dev/objectives/ "/baewwwroot/cf_dev/objectives/" Options -Indexes FollowSymLinks MultiViews PerlAuthenHandler Apache::AuthenNTLM AuthType ntlm AuthName "Windows Authentication Required" require valid-user PerlAddVar ntdomain "BAEA baeapdc sbntfp1" PerlAddVar ntdomain "BAEADEV bantdev1" PerlSetVar defaultdomain BAEA -- Brett Hales