On Tue, Jun 24, 2014 at 9:19 AM, Morris, Andi <amor...@cardiffmet.ac.uk> wrote:
> Hi, > We are having some authentication issues with Apache if a user has a £ > symbol as part of their password. The error_log shows: > (OS 1326)Logon failure: unknown user name or bad password > > When the same user removes the pound symbol from the password they are > authenticated with no issues. > > The setup is: > TMG publishes our Shibboleth server externally and present the user with a > form for Forms Based Authentication. Shibboleth uses an Apache virtual > server called Remote User to handle the authentication. > > The problem only occurs when the users login from outside our network, via > TMG and the Apache Remote User vhost. > The same TMG form is used to publish our sharepoint and other internal > resources, and the issue does not occur there when using the same test user. > > The parts of the config that I can see that are relevant are: > <Location /idp/Authn/RemoteUser> > AuthName "Identity Provider" > AuthType SSPI > SSPIAuth On > Have you checked with the mod_auth_sspi folks? (mailing list or bug db) I suspect that this is an issue with that third-party module. Perhaps someone here can help, but a resource specific to mod_auth_sspi would probably yield better results. If you can duplicate the error with some simple httpd-bundled authentication module (e.g., mod_authn_file), open a bug against httpd and provide the test case. > SSPIAuthoritative On > SSPIOfferBasic On > SSPIOmitDomain On > SSPIPerRequestAuth On > SSPIUsernameCase lower > require valid-user > </Location> > > I've read around about forcing the basic authentication using: > SSPIBasicPreferred On > So I'm going to give that a try overnight (I can only restart the apache > service out of hours frustratingly). > > I'm happy to post up any obfuscated config files that might be required to > help resolve this. I'm pretty new to Apache but willing to provide whatever > is required. > > Does anyone have any suggestions for why the apache server doesn't seem to > like the pound symbol? > > Cheers, > Andi > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > -- Born in Roswell... married an alien... http://emptyhammock.com/ http://edjective.org/
