Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

Page 101/244 | < Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >

Routing and Remote Access Service won't start after full disk

- by NKCSS

The HDD of the server was out of disk space, and after a reboot, RRAS won't start anymore on my 2008 R2 server. Error Details: Log Name: System Source: RemoteAccess Date: 2/5/2012 9:39:52 PM Event ID: 20153 Task Category: None Level: Error Keywords: Classic User: N/A Computer: Windows14111.<snip> Description: The currently configured accounting provider failed to load and initialize successfully. The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error. Event Xml: <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="RemoteAccess" /> <EventID Qualifiers="0">20153</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2012-02-05T20:39:52.000Z" /> <EventRecordID>12148869</EventRecordID> <Channel>System</Channel> <Computer>Windows14111.<snip></Computer> <Security /> </System> <EventData> <Data>The connection was prevented because of a policy configured on your RAS/VPN server. Specifically, the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.</Data> <Binary>2C030000</Binary> </EventData> </Event> I think it has something to do with a corrupt config file, but I am unsure of what to do. I Removed the RRAS role, rebooted, and re-added, but it keeps failing with the same error. Thanks in advance. [UPDATE] If i set the accounting provider from 'Windows' to '' the service starts but VPN won't work. Any ideas how this can be repaired?

Read the article
SSH: Port Forwarding, Firewalls, & Plesk

- by Kian Mayne

I edited my SSH configuration to accept connections on Port 213, as it was one of the few ports that my work firewall allows through. I then restarted sshd and everything was going well. I tested the ssh server locally, and checked the sshd service was listening on port 213; however, I still cannot get it to work outside of localhost. PuTTY gives a connection refused message, and some of the sites that allow check of ports I tried said the port was closed. To me, this is either firewall or port forwarding. But I've already added inbound and outbound exceptions for it. Is this a problem with my server host, or is there something I've missed? My full SSH config file, as requested: # $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. Port 22 Port 213 #Protocol 2,1 Protocol 2 #AddressFamily any #ListenAddress 0.0.0.0 #ListenAddress :: # HostKey for protocol version 1 #HostKey /etc/ssh/ssh_host_key # HostKeys for protocol version 2 #HostKey /etc/ssh/ssh_host_rsa_key #HostKey /etc/ssh/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key #KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging # obsoletes QuietMode and FascistLogging #SyslogFacility AUTH SyslogFacility AUTHPRIV #LogLevel INFO # Authentication: #LoginGraceTime 2m #PermitRootLogin yes #StrictModes yes #MaxAuthTries 6 #RSAAuthentication yes #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 #HostbasedAuthentication no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no # Don't read the user's ~/.rhosts and ~/.shosts files #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication yes # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes ChallengeResponseAuthentication no # Kerberos options #KerberosAuthentication no #KerberosOrLocalPasswd yes #KerberosTicketCleanup yes #KerberosGetAFSToken no # GSSAPI options #GSSAPIAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication mechanism. # Depending on your PAM configuration, this may bypass the setting of # PasswordAuthentication, PermitEmptyPasswords, and # "PermitRootLogin without-password". If you just want the PAM account and # session checks to run without PAM authentication, then enable this but set # ChallengeResponseAuthentication=no #UsePAM no UsePAM yes # Accept locale-related environment variables AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL #AllowTcpForwarding yes #GatewayPorts no #X11Forwarding no X11Forwarding yes #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes #TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 #ClientAliveCountMax 3 #ShowPatchLevel no #UseDNS yes #PidFile /var/run/sshd.pid #MaxStartups 10 #PermitTunnel no #ChrootDirectory none # no default banner path #Banner /some/path # override default of no subsystems Subsystem sftp /usr/libexec/openssh/sftp-server

Read the article
NGINX basic auth only for POST

- by hokkaido

Hello, I'm settings up nginx to serve Mercurial repositories. It works when not using basic authentication at all, or when I use basic authentication all over. What I want to do is to just use basic auth on POST requests, so anyone have pull access, but only authenticated users can push. I tried the following, if ($request_method = POST) { auth_basic "Restricted"; auth_basic_user_file /path/to/userfile } However it complains about "auth_basic directive is not allowed here". How can I solve this?

Read the article
wso2 products and alfresco integration

- by Ivo

I've found this tutorial about installing Alfresco on WSO2 Appserver. http://sanjeewamalalgoda.blogspot.com/2011/09/how-to-install-alfresco-on-wso2.html Does this mean I can delegate authentication to the wso2 security configuration also? I wouldn't want to have to manage security in both places separately. If I were to deploy Alfresco in wso2 I would want to use the wso2 Identity Server for authentication. I was thinking about Alfresco running in wso2 Appserver using identity server for authentication and ESB for the Alfresco services. Is this approach suitable for other apps as well? Is that possible?

Read the article
OpenLDAP and user role based accedss controll (RBAC)

- by Jason

Hello, my company uses an openldap server which stores corporate user information ((username,passwd and some other information like email are stored in ldap).. Till now they only use it for authentication but now we'd like to use for authentication also, this means that we'll create roles (as ldap attributes in a new schema) and assign those roles in the users. My actual question is if there is a best-practice to follow for using openldap for authentication on many applications (most written in php). I understand how to make roles and assign them to users for just one application, but what about the others (each application of course has its own roles). Should I just create an ou=appName,ou=roles,dc=mycompany for each application, put the roles as attributes there and just add each role as an attribute of the user object ? is there any other recommendations ? thanks

Read the article
Spring security custom principal bean

- by wuntee

I have a web application that is set up to use the default ldap server/authentication manager/authentication provider/user service. I have another DAO that already does majority of the work that those do (besides the authenticating a user) using Spring-LDAP. My problem is that I want the principal to be of my own custom bean class. What is the simplest way to do this? Initially I was thinking to create a custom authentication provider, but since the default one does exactly what I want, there doesnt seem to be a need. I am thinking I just need to override whatever object actually returns the Principal bean. Is this possible, and able to be injected into the security ldap authenticator context?

Read the article
PageMethods security

- by TenaciousImpy

Hi, I'm trying to 'AJAX-ify' my site in order to improve the UI experience. In terms of performance, I'm also trying to get rid of the UpdatePanel. I've come across a great article over at Encosia showing a way of posting using PageMethods. My question is, how secure are page methods in a production environment? Being public, can anyone create a JSON script to POST directly to the server, or are there cross-domain checks taking place? My PageMethods would also write the data into the database (after filtering). I'm using Forms Authentication in my pages and, on page load, it redirects unauthenticated users to the login page. Would the Page Methods on this page also need to check authentication if the user POSTs directly to the method, or is that authentication inherited for the entire page? (Essentially, does the entire page cycle occur even if a user has managed to post only to the PageMethod)? Thanks

Read the article
WCF MessageContract Help - MessageBodyMember with hyphenated name

- by Hcabnettek

Hi All, I need a bit of WCF help. This project uses message contracts. The transport seems to work ok. I have this code for a response type. namespace tpoke.Contracts { [MessageContract(IsWrapped = true)] public class AuthenticationResponseMC { [MessageBodyMember(Name = "authentication-token")] public Guid AuthenticationToken; } } Now when I run the operation that returns this, I try to deserialize using the XmlSerializer. The is not what I'm needing. I need it to be <authentication-token xmlns="http://tpoke.wcf.com">e13xxxx-xxxx-xxxx-xxxxxx</authentication-token> How can I make this work correctly? Do I need to add the namespace to MessageBodyMember? Why is the hyphen being stripped out? Any tips or advice is certainly appreciated. Thanks, ~ck in San Diego

Read the article
SQL Server 2008, Kerberos and SPN

- by andrew007

Hi, I installed SQL Server 2008 on a Win XP SP2 workstation in a AD domain and configured to run with the "Network Service" account. In my error log I have the following message (Event ID:26037): The SQL Server Network Interface library could not register the Service Principal Name (SPN) for the SQL Server service. **Error: 0xd, state: 13**. Failure to register an SPN may cause integrated authentication to fall back to NTLM instead of Kerberos. This is an informational message. Further action is only required if Kerberos authentication is required by authentication policies. The strange thing is that I have another SQL Server 2008 installation in a Win 2003 server configured in the same way and there I do not have this message. My questions are: Does anybody know if there are limitations with Kerberos on Windows XP and SQL Server? Why the SPN is not automatically registered on Win XP when I use the "Network Service" but it works on Windows 2003 server? THANKS!

Read the article
Setting up sendgrid for rails..returning Authorization error

- by Trip

The emails now send from my local, but do not send from my box. I am returned this error. Anyone know what this might be? Net::SMTPAuthenticationError (535 5.7.8 Error: authentication failed: authentication failure ): My environments/production.rb ActionMailer::Base.delivery_method = :smtp ActionMailer::Base.smtp_settings = { :address => "smtp.sendgrid.net", :port => '25', :domain => "mydomain.com", :authentication => :plain, :user_name => "[email protected]", :password => "password1234" } /etc/ssmtp/ssmtp.conf : root=postmaster mailhub=smtp.sendgrid.net [email protected] AuthPass=password1234 AuthMethod=LOGIN rewriteDomain=mydomain.com FromLineOverride=YES UseSTARTTLS=NO

Read the article
Authkit - deferring action for HTTP '401' response to client application

- by jon

Form, Redirect and Forward all send an unauthenticated user to a Form on a login page specified within an Authkit middleware application. I'd like to allow a client application to request a service via XHR and then present a custom 'client side' form if a HTTP status code of 401 is returned, which would then post to Authkit for authentication until valid authentication/authorization occured. Specifically, 1) a jquery $.get request might request a resource. 2) if an Authkit cookie check confirmed previous authorization the content would be returned. 3) if not I would like Authkit to simply return the '401 response' (and not redirect to another page, or return a form template) where a client side exception handler would notify the user and present an authentication form. Can Authkit work like this?

Read the article
Why does Spring Security's BindAuthenticator require read permissions for users?

- by Thomas

Hi all, I'm currently implementing/configuring the LDAP authentication of a Java web application using Spring Security 3.0. I'm using Microsoft AD LDS as LDAP server and chose the Spring's BindAuthenticator. I found out that the authentication only works if the authenticated user is a member of the partition's Readers role. The BindAuthenticator tries to read the user's attributes after the authentication, which seems reasonable in scenarios where authorities are retrieved from the directory service. Being new to LDAP and AD, is this an acceptable practise when the application is integrated in an existing AD structure? Can fine-tune an give the user dns only read permissions for their own attributes rather than adding them to the Reader group? Thanks Thomas

Read the article
Concepts a web application developer should know?

- by iama

I think it is imperative for web application developers to know the answers surrounding the following general questions on web development irrespective of the programming language/framework used. What authentication mechanisms HTTP offer & what are their pros and cons? Why should one go for FORMS authentication? How to secure authentication or for that matter any transactions via HTTP? How to maintain state in HTTP? What are the downsides to maintaining state via cookie & what happens when browsers disable them? Security issues like cross site scripting, session hijacking etc. What other questions a web developer should have answers for similar to the ones above that are programming language/web framework agnostic?

Read the article
RESTFul, statelesness and sessions

- by Per Arneng

RESTFul service has a rule that it should be stateless. By beeing that it does not allow a session to be created and maintained by sending a session key between the client and the server and then holding a session state on the server. If i look at the definition in wikipedia of stateless server http://en.wikipedia.org/wiki/Stateless_server "A stateless server is a server that treats each request as an independent transaction that is unrelated to any previous request" It states that it should be unrelated to any previous request. In practice this means that any type of authentication will be comparing the credentials of a user to a state on the server that was created by a previous operation. So a service called login is related to and dependent on the state that has been created by previous requests (ex: create_user and/or change_password). In my view you are breaking statelessnes by doing authentication. My point is that people are complaining about having sessions in RESTFul is breaking statelesness but doing authentication is also breaking the same rule. What do you think?

Read the article
ASP.NET Page Unauthorization for common pages

- by Mahesh

Hi I am developing a web application which has form based authentication. All pages needs to be authenticated except AboutUs and ContactUs pages. I configured everything correct except AboutUs and ContactUs pages. Since I am denying all users in authorization section, application is redirecting even if the customer browse AboutUs and ContactUs pages. Configuration Rules <authentication mode= "Forms"> <forms name=".ASPXAUTH" loginUrl="Login.aspx" timeout="20" protection="All" slidingExpiration="true" /> </authentication> <authorization> <deny users="?" /> </authorization> Could you please let me know how can I tell asp.net to remove these pages for authorization?? Thanks, Mahesh

Read the article
SQL server 2005 remote connection problem, cannot solve it help please thank you

- by user287745

note:- if this question does not fit this site please do not just close it but also redirect the question to the fitting sister site, thank you" the steps taken and the error are mentioned please help, i am stuck here! installed sql server 2005 express on both computers installed sql server management studio express on both computers ran each management studio and connect to instance sqlserver using windows authentication ( one computer connection example "A-63A9D4D7E7834\SQLEXPRESS" ) created a database in the databases named as "test1" created a few tables with data saved and exit. did everything what this site says " How to configure SQL Server 2005 to allow remote connections" [add h t t p here as spam prevention] ://support.microsoft.com/kb/914277/en-us" but i have just disable the firewalls completely :turn off connecting to A-63A9D4D7E7834 started "SQL Server Management Studio Express" on computer A-63A9D4D7E7834 sever name: "ALL-E425BE6C41D\SQLEXPRESS" authentication: "windows authentication" and CONNECT I GET THE FOLLOWING ERROR Cannot connect to ALL-E425BE6C41D\SQLEXPRESS. ADDITIONAL INFORMATION: Login failed for user 'ALL-E425BE6C41D\Guest'. (Microsoft SQL Server, Error: 18456) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 BUTTONS: OK HELP

Read the article
How to use ASP.NET Authorization Yet Permit Access to .css Files?

- by Chaitanya

<authentication mode="Forms"> <forms loginUrl="Login.aspx"/> </authentication> <authorization> <deny users="?"/> </authorization> I am using forms authentication, and when i place the arguments cited above, the css formatting I have done for the whole document is not being implemented, it's vanishing. what should i be doing so that the CSS remains intact.

Read the article
Override Devise Sign-in with reCaptcha

- by Bashar Abdullah

I'm trying to override the Rails devise login to include recaptcha. I followed the steps here http://presentations.royvandewater.com/authentication-with-devise.html#8 however for some reason, authentication always fails. To isolate the problem, I removed all my code and called super directly class SessionsController < Devise::SessionsController def create super end end file is at: Rails.root/app/controllers/sessions_controller.rb the slide suggest Rails.root/app/controllers/sessions.rb but I assume that was just a mistake. Trying it out didn't help either. I even copied the full Sessions Controller code into my own, still gives the problem. Authentication fails here specifically: resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new") Any idea what I might be doing wrong?

Read the article
ASP.Net Web Forms LoginStatus Multiple LoginURL - suggestions?

- by TGuimond

Hi Guys, I am developing a multi-lingual website. I am determining the requested language via a querystring variable eg: http://mydomain.com/default.aspx?lang=en I am using two <asp:LoginStatus /> controls in my masterpage. My web.config file is set up like this for forms authentication. <authentication mode="Forms"> <forms loginUrl="~/login.aspx" protection="All" timeout="30" name=".ASPXAUTH" path="/" requireSSL="false" slidingExpiration="true" defaultUrl="default.aspx" cookieless="UseDeviceProfile" enableCrossAppRedirects="false"/> </authentication> Currently when you click on a <asp:LoginStatus /> you will be redirected to my login page and the url will look something like this: http://mydomain.com/login.aspx?ReturnUrl=%2fdefault.aspx%3flang%3den What solutions are available to me so that I can append my lang variable to my login.aspx? depending on which language is currently active?

Read the article
SQL server 2055 remote connection problem, cannot solve it help please thank you

- by user287745

note:- if this question does not fit this site please do not just close it but also redirect the question to the fitting sister site, thank you" the steps taken and the error are mentioned please help, i am stuck here! installed sql server 2005 express on both computers installed sql server management studio express on both computers ran each management studio and connect to instance sqlserver using windows authentication ( one computer connection example "A-63A9D4D7E7834\SQLEXPRESS" ) created a database in the databases named as "test1" created a few tables with data saved and exit. did everything what this site says " How to configure SQL Server 2005 to allow remote connections" [add h t t p here as spam prevention] ://support.microsoft.com/kb/914277/en-us" but i have just disable the firewalls completely :turn off connecting to A-63A9D4D7E7834 started "SQL Server Management Studio Express" on computer A-63A9D4D7E7834 sever name: "ALL-E425BE6C41D\SQLEXPRESS" authentication: "windows authentication" and CONNECT I GET THE FOLLOWING ERROR Cannot connect to ALL-E425BE6C41D\SQLEXPRESS. ADDITIONAL INFORMATION: Login failed for user 'ALL-E425BE6C41D\Guest'. (Microsoft SQL Server, Error: 18456) For help, click: http://go.microsoft.com/fwlink?ProdName=Microsoft+SQL+Server&EvtSrc=MSSQLServer&EvtID=18456&LinkId=20476 BUTTONS: OK HELP

Read the article
Authkit - deferring action to HTTP response to client application

- by jon

Form, Redirect and Forward all send an unauthenticated user to a Form on a login page specified within an Authkit middleware application. I'd like to allow a client application to request a service via XHR and then present a custom 'client side' form if a HTTP status code of 401 is returned, which would then post to Authkit for authentication until valid authentication/authorization occured. Specifically, 1) a jquery $.get request might request a resource. 2) if an Authkit cookie check confirmed previous authorization the content would be returned. 3) if not I would like Authkit to simply return the '401 response' (and not redirect to another page, or return a form template) where a client side exception handler would notify the user and present an authentication form. Can Authkit work like this?

Read the article
SSH issue when do the Git clone

- by palani

Hi i have my own ubuntu linux box .... in that i have /home/username/.ssh/id_rsa.pub .. i copied the public key and paste the key into Git Hub. when i try to clone the git repository it says the following error warning: Authentication failed. Disconnected; no more authentication methods available (No further authentication methods available.). I have no idea what is wrong with that.... i have putty tool which connect my server with doing authenetication. becuase i copied my public key to my server known host folder. Can any one please help on this .... its heart breaking here.......

Read the article
Java Authenticator on a per connection basis?

- by Martijn Laarman

I'm building an Eclipse plugin that talks to a REST interface which uses Basic Authentication. When the authentication fails I would like to popup my plugin's settings dialog and retry. Normally I could use the static Authenticator.setDefault() to setup an authenticator for all HttpURLConnection's for this, but since I am writing a plugin I don't want to overwrite Eclipse's default Authenticator (org.eclipse.ui.internal.net.auth); I thought of setting my custom Authenticator before loading and putting Eclipse's default back afterwards, but I imagine this will cause all sorts of race issues with multithreading so I quickly lost that notion. Google searches yield all sorts of results basically telling me it's not possible: The Java URLConnection API should have a setAuthenticator(Authenticator) method for making it easier to use this class in multi-threaded context where authentication is required. Source If applications contains few third party plugins and each plugin use its own Authenticator what we should do? Each invocation of "Authenticator.setDefault()" method rewrite previously defined Authenticator... Source Are there any different approaches that might help me overcome this issue?

Read the article
Free SEO Analysis using IIS SEO Toolkit

- by The Official Microsoft IIS Site

In my spare time I’ve been thinking about new ideas for the SEO Toolkit , and it occurred to me that rather than continuing trying to figure out more reports and better diagnostics against some random fake sites, that it could be interesting to ask openly for anyone that is wanting a free SEO analysis report of your site and test drive some of it against real sites. So what is in it for you, I will analyze your site to look for common SEO errors, I will create a digest of actions to do and other...(read more)

Read the article
SilverlightShow for Feb 28 - March 06, 2011

- by Dave Campbell

Check out the Top Five most popular news at SilverlightShow for Feb 28 - Mar 06, 2011. While you're at it, check out the ECO Contest site, and vote for your favorites before midnight PST on March 10. Here are the top 5 news on SilverlightShow for last week: SilverlightShow Bookshelf now released as Open Source CRUD Operation on Relational Data (Multiple table) using RIA and Silverlight 4 A Sample Silverlight 4 Application Using MEF, MVVM, and WCF RIA Services - Part 3 Daily News Digest 03/02/2011 RadControls for Windows Phone 7 Q1 2011 Beta 2 released Visit and bookmark SilverlightShow. Stay in the 'Light

Read the article

< Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >