This is a "trusted" site, which, according to the Windows Integrated
Authentication docs, means that IE will happily send the authentication
credentials, but I would be more inclined to think that they will just not
be in the right format for mod_authnz_ldap to handle. What's weird is that
it is definitely getting the domain\username part of it.
Maybe it just won't work. I got mod_auth_sspi working with a workaround, so
maybe I'll just go that route.
On Tue, Sep 16, 2008 at 3:51 PM, André Warnier <[EMAIL PROTECTED]> wrote:
> André Warnier wrote:
>
>> Eric Covener wrote:
>>
>>> So, it looks like I need mod_setenvif, right? Could anybody write a
>>>>> quick
>>>>> directive that would look at REMOTE_USER to see if there is a backslash
>>>>> ("\"), and if there is, set the same variable to everything following
>>>>> the
>>>>> backslash? I think this would solve my problem. I would rather use
>>>>> mod_authnz_ldap that mod_auth_sspi as it is included with Apache and
>>>>> is
>>>>> well-supported.
>>>>>
>>>>
>>> The authentication/authorization modules don't read from the
>>> REMOTE_USER environment variable.
>>>
>>> Party pooper !
>>
>> Clayton,
> I kind of get a feeling that Eric is right though, because a) he usually
> seems to know his stuff, and b) that would not be very secure, to say the
> least.
> That would mean that we are back to try and figure out what exactly happens
> between IE and the server, and it what circumstances exactly IE sends this
> domain\user-id thing.
>
> But maybe Eric can help there ?
> Eric, what kind of "401" does mod_authnz_ldap send to the browser when it
> needs authentication ? Basic ?
> Then I can't quite imagine Clayton's scheme working, because IE would never
> of its own device send the user's password (I don't even think it knows it).
>
>
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> " from the digest: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
--
Clayton Hicklin
[EMAIL PROTECTED]
