httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Weed <brian_w...@yahoo.com>
Subject Re: [users@httpd] Multiple Authentication
Date Mon, 06 Aug 2007 12:31:13 GMT
--- Dragon <dragon@crimson-dragon.com> wrote:

> Brian Weed wrote:
> >I'm using Apache v2.2.4 (on Windows Server 2003)
> and
> >I'm trying to use both SSPI and Basic
> Authentication
> >together so that both Domain and non-domain users
> can
> >log in to my Trac Wiki site.
> >
> >Withi this config:
> >
> ><LocationMatch "/cgi-bin/trac.cgi/[^/]+/login">
> >
> >   # Domain Login
> >
> >   AuthName "my domain"
> >
> >   AuthType SSPI
> >   SSPIAuth On
> >   SSPIAuthoritative Off
> >   SSPIDomain MYDOMAIN
> >   SSPIOfferBasic On
> >   SSPIOfferSSPI Off
> >   SSPIOmitDomain On
> >   SSPIPerRequestAuth On
> >
> >  # Non-domain login
> >   AuthType Basic
> >   AuthBasicAuthoritative Off
> >   AuthUserFile D:/wikis/trac.htpasswd
> >
> >   Require valid-user
> >
> ></LocationMatch>
> >
> >It only allows Domain users to log in.  Its not
> >falling back to Basic via AuthUserFile.
> >If I turn off SSPI, then it allows Basic Auth (but
> >obviously not Domain login).
> >
> >Searching the web, I've found a few people with
> >similar problems, but no real solution:
> >
> >http://svn.haxx.se/users/archive-2006-09/1384.shtml
> >and
> >http://www.svnforum.org/2017/viewtopic.php?p=11517
> >
> >The error I get in the error.log is: "...Logon
> >failure: unknown user name or bad password.  : user
> >MYDOMAIN\\nondomainuser: authentication failure for
> >"/cgi-bin/trac.cgi/foo/login"
> >
> >So, it seems as though it's always prepending the
> >domain, even when falling back to Basic, or its not
> >falling back at all.
> >
> >Is there some other module I have to install to
> >support falling back?
> >Any ideas as to what else I may be doing wrong?
> >
> ---------------- End original message.
> ---------------------
> 
> Just a thought... (caveat being I have not messed
> with anything 
> beyond basic authentication).
> 
> What about having two different virtual hosts
> serving as entry points 
> to this application which both point to the same
> application directory?
> 
> I think by doing that you can have one of the
> authentication methods 
> associated with one virtual host and the other with
> the second virtual host.
> 
> Dragon
 

Thanks for the workaround.

Brian


      ____________________________________________________________________________________
Shape Yahoo! in your own image.  Join our Network Research Panel today!   http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7




---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message