Phipps, Jeff wrote:

Hello,

I am having a problem with the Authen:NTLM module 2.07.  I am not sure if
these are bugs, or I am trying to implement it incorrectly.

Problem 1:   If it is using a pre-existing user connection, it does not
recall the map_user function
I am using the map_user function to setup environment variables that I query
from the ADS using LDAP, so the application does not have to handle quering
such information as email address, etc...



This is because NTLM HTTP authentication is connection-oriented, rather than request-oriented. Therefore, each subsequent request will not carry any authentication information that would prompt for an authentication request from the server. (This is true except when submitting a POST request).

http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication

Problem 2: Can't login from a remote Windows PC
The module seems to only try NTLM if the client is a windows machine, and if
you are not part of the domain, it will not authorize you. Should this try
using Basic if NTLM fails to allow non member machines to authenticate
against the domain like a netscape browser would do?


Yes, NTLM will really only work with Internet Explorer. (Though there are rumors of other browsers(???) that might have NTLM support implemented now...) I would test with basic. If that works, make sure that you are setting the Keep-Alive header, (HTTP 1.0), or using HTTP 1.1, for the transaction. Also, check to see if you have a proxy between the client and the server. This will stop any NTLM authentication attempts, as well. (Check out this thread: http://www.gossamer-threads.com/lists/modperl/modperl/69976 )

take care,
--
Shannon Eric Peevey
President - EriKin Corporation
[EMAIL PROTECTED]
(940) 391-6777
http://www.erikin.com



--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html



Reply via email to