Phipps, Jeff wrote:
Hello,
I am having a problem with the Authen:NTLM module 2.07. I am not sure if
these are bugs, or I am trying to implement it incorrectly.
Problem 1: If it is using a pre-existing user connection, it does not
recall the map_user function
I am using the map_user function to setup environment variables that I query
from the ADS using LDAP, so the application does not have to handle quering
such information as email address, etc...
This is because NTLM HTTP authentication is connection-oriented, rather
than request-oriented. Therefore, each subsequent request will not
carry any authentication information that would prompt for an
authentication request from the server. (This is true except when
submitting a POST request).
http://davenport.sourceforge.net/ntlm.html#ntlmHttpAuthentication
Problem 2: Can't login from a remote Windows PC
The module seems to only try NTLM if the client is a windows machine, and if
you are not part of the domain, it will not authorize you. Should this try
using Basic if NTLM fails to allow non member machines to authenticate
against the domain like a netscape browser would do?
Yes, NTLM will really only work with Internet Explorer. (Though there
are rumors of other browsers(???) that might have NTLM support
implemented now...) I would test with basic. If that works, make sure
that you are setting the Keep-Alive header, (HTTP 1.0), or using HTTP
1.1, for the transaction. Also, check to see if you have a proxy
between the client and the server. This will stop any NTLM
authentication attempts, as well. (Check out this thread:
http://www.gossamer-threads.com/lists/modperl/modperl/69976 )
take care,
--
Shannon Eric Peevey
President - EriKin Corporation
[EMAIL PROTECTED]
(940) 391-6777
http://www.erikin.com
--
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html