Search Results

Search found 4151 results on 167 pages for 'mod auth'.

Page 22/167 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

• Kerberos and/or other authentication systems - One time logon for all PHP scripts

  - by devviedev

  I'm managing a set of web apps, almost exclusively written in PHP, and would like to find an authentication platform to build a role-based authorization system on top of. Also, I'd like the authentication system to be extensible to use for, for example, system services (SSH, etc.) Here are some of the main characteristics I'm looking for, in order of importance: Easy PHP implementation (storing/reading easily roles, etc.). Redundant, if possible. If an auth system goes down everyone is not locked out. Has clients for Windows and Mac. Easy web-based administration (adding/removing users/roles, changing passwords). If not, I can build an administration system without too much effort. One-time log on. I'd also like, when an auth token is issued, to store the user's IP address and use that to authorize the user for some non web-based applications. For that reason, I'd like a desktop client to issue the token and revoke tokens when, for example, the user becomes idle at their workstation. I'm thinking Kerberos might be a solution, but what are other options?

  Read the article

• How to change suexec root directory from "/var/www" to "/home"?

  - by Oudin

  Hi I've installed suexec using on ubuntu 12.04: apt-get install apache2 apache2-suexec libapache2-mod-fcgid php5-cgi However when I run the following command: sudo /usr/lib/apache2/suexec -V I get the following info: -D AP_DOC_ROOT="/var/www" -D AP_GID_MIN=100 -D AP_HTTPD_USER="www-data" -D AP_LOG_EXEC="/var/log/apache2/suexec.log" -D AP_SAFE_PATH="/usr/local/bin:/usr/bin:/bin" -D AP_UID_MIN=100 -D AP_USERDIR_SUFFIX="public_html" I'm utilizing "/home/user/public_html" to serve users content on the web not "/var/www" How can I change the root directory to "/home"?

  Read the article

• installed libapache2-mod_fastcgi on debian 7 - no php5-fcgi file

  - by ggstevens

  So I install Apache2 worker with libapache2-mod-fastcgi (non-free) on my Debian server. I found this snippet from the web, however, I don't have anything in my /usr/lib/cgi-bin/ folder. So how is my php working when I view phpinfo() ??? <IfModule mod_fastcgi.c> AddHandler php5-fcgi .php Action php5-fcgi /php5-fcgi Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -socket /var/run/php5-fpm.sock -pass-header Authorization </IfModule>

  Read the article

• "/etc/apache2/mods-enabled/proxy_html.load: Cannot load /usr/lib/libxml2.so.2 into server" error with Apache mod-proxy

  - by hhh

  The command $ sudo apt-get install libapache2-mod-proxy-html and then $sudo service apache2 restart fires: apache2: Syntax error on line 210 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/proxy_html.load: Cannot load /usr/lib/libxml2.so.2 into server: /usr/lib/libxml2.so.2: cannot open shared object file: No such file or directory Action 'configtest' failed. I am using X220 laptop. Perhaps related thing but ?AMD here. Perhaps some repeating bug in Ubuntu, again. How to fix this? Any patch yet for Ubuntu?

  Read the article

• How do i make a minecraft server mod? [closed]

  - by Simon

  Possible Duplicate: Mods for Minecraft Server - how does it work? I have made some minecraft client mods, but i've started a server a mounth ago and i want to make a mod for it, but i cant find any tutorial on the internet. How can then the other guys making those mods for minecraft server know how they are going to do? Do they try forward as i tryed or are they doing something else. I would be glad if someone could tell me how to do or find tutorials for me, couse I have tryed to find them in nearly a week of searching. But i guess im searching at the wrong spot of internet, what do i know :o

  Read the article

• How can I gain access to a player instance in a Minecraft mod?

  - by Andrew Graber

  I'm creating Minecraft mod with a pickaxe that takes away experience when you break a block. The method for taking away experience from a player is addExperience on EntityPlayer, so I need to get an instance of EntityPlayer for the player using my pickaxe when the pickaxe breaks a block, so that I can remove the appropriate amount of experience. My pickaxe class currently looks like this: public class ExperiencePickaxe extends ItemPickaxe { public ExperiencePickaxe(int ItemID, EnumToolMaterial material){ super(ItemID, material); } public boolean onBlockDestroyed(ItemStack par1ItemStack, World par2World, int par3, int par4, int par5, int par6, EntityLiving par7EntityLiving) { if ((double)Block.blocksList[par3].getBlockHardness(par2World, par4, par5, par6) != 0.0D) { EntityPlayer e = new EntityPlayer(); // create an instance e.addExperience(-1); } return true; } } Obviously, I cannot actually create a new EntityPlayer since it is an abstract class. How can I get access to the player using my pickaxe?

  Read the article

• How do I mount an HP Touchpad (Cyanogen Mod 9)?

  - by C.Werthschulte

  I've recently installed Cyanogen Mod 9 on my HP Touchpad tablet, but I'm encountering problems when trying to access it from my Ubuntu laptop (Ubuntu 11.10, Gnome-Shell, Nautilus). I've first tried accessing it via PTP as suggested here. Ubuntu will recognize the Touchpad as a digicam and only grant me access to two directories: "DCIM" and "Pictures". I then tried accessing the tablet via MTP using this post on OMGUbuntu!. Ubuntu will connect to the tablet, but only grant me access to a folder named "Playlists". I'm a bit clueless as to what I'm doing wrong and would very much appreciate any help or hints. Many thanks!

  Read the article

• Sharing files with Android devices (How do I mount an HP Touchpad, Cyanogen Mod 9?)

  - by C.Werthschulte

  I've recently installed Cyanogen Mod 9 on my HP Touchpad tablet, but I'm encountering problems when trying to access it from my Ubuntu laptop (Ubuntu 11.10, Gnome-Shell, Nautilus). I've first tried accessing it via PTP as suggested here. Ubuntu will recognize the Touchpad as a digicam and only grant me access to two directories: "DCIM" and "Pictures". I then tried accessing the tablet via MTP using this post on OMGUbuntu!. Ubuntu will connect to the tablet, but only grant me access to a folder named "Playlists". I'm a bit clueless as to what I'm doing wrong and would very much appreciate any help or hints. Many thanks!

  Read the article

• Ubuntu 13.10 on SSD (system) and HDD (data). Missing /grub/i386-pc/normal.mod

  - by Tatarkow

  I've got HDD (750 GB) and SSD (16 GB). I want to install Ubuntu (13.10) on SSD, but because of its smallness I need to install /home, /var and /tmp on HDD. After that I would like to install Windows (system + data) on another partition of that HDD, but it is not important now. I installed Ubuntu (I had formatted and partitioned the disk before), but when I restarted my laptop it said: 'error: file '/grub/i386-pc/normal.mod' not found. grub rescue'. I tried to reinstall Grub 2 using this tutorial (as sdXY I used sdb1, because it's the only one partion of my SSD), but it didn't work. Can anybody help me, please? Thanks, Tatarkow

  Read the article

• Getting PHP error/warnings when using CodeIgniter 2 to send email

  - by Sparky672

  I'm using Ion Auth and trying to implement the forgotten password feature which relies upon an email being sent from CI. My LAMP server is on a shared cPanel account and uses sendmail. However, I have the ability to over-ride any PHP settings with my own php.ini file in the public_html directory. As per the CodeIgniter 2 documentation for configuring email sending, I have done the following... 1) created a file called located at application/config/email.php 2) email.php contains this code: <?php if ( ! defined('BASEPATH')) exit('No direct script access allowed'); /* | ------------------------------------------------------------------- | EMAIL SENDING SETTINGS | ------------------------------------------------------------------- */ $config['protocol'] = 'sendmail'; /* End of file email.php */ /* Location: ./application/config/email.php */ 3) The in the application/config/ion_auth.php file, I set this value to TRUE $config['use_ci_email'] = TRUE; The email is successfully sent, but I get a variety of PHP Error Warnings on all pages. These appear on all pages, sometimes two or three times in a row: A PHP Error was encountered Severity: Warning Message: date() [function.date]: It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead Filename: libraries/Email.php Line Number: 704 A PHP Error was encountered Severity: Warning Message: date() [function.date]: It is not safe to rely on the system's timezone settings. You are required to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/New_York' for 'EST/-5.0/no DST' instead Filename: libraries/Email.php Line Number: 709 In addition to the above, these two also show up after the forgotten password form is submitted: A PHP Error was encountered Severity: Warning Message: Cannot modify header information - headers already sent by (output started at /home/username/codeigniter/system/core/Exceptions.php:185) Filename: libraries/Session.php Line Number: 675 A PHP Error was encountered Severity: Warning Message: Cannot modify header information - headers already sent by (output started at /home/username/codeigniter/system/core/Exceptions.php:185) Filename: helpers/url_helper.php Line Number: 540 I'm not sure why I would be getting these Error Warnings or how else I am supposed to configure my email sending options. I don't see any other email sending options in the documentation that is related to these particular Warning Messages. When I remove my config/email.php file AND set Ion Auth's use_ci_email to FALSE, the Error Warnings go away. Where did I go wrong? Just before I hit the submit button, I solved this problem. I'm still going to post this question as a learning experience for others. If nobody solves this after a reasonable amount of time, I'll post the solution.

  Read the article

• OSSEC : send alerts true gmail? how?

  - by Rubytastic

  Try to setup OSSEC to use google gmail to send my alerts like so: <email_notification>yes</email_notification> <email_to>[email protected]</email_to> <smtp_server>smtp.gmail.com</smtp_server> <email_from>ossec@host</email_from> Then I set email alerts value to 3 and restart ossec. This does not trigger email alert. how to correctly send alerts with gmail? better way to test if mails are sending out?

  Read the article

• Apache Bad Request "Size of a request header field exceeds server limit" with Kerberos SSO

  - by Aurelin

  I'm setting up an SSO for Active Directory users through a website that runs on an Apache (Apache2 on SLES 11.1), and when testing with Firefox it all works fine. But when I try to open the website in Internet Explorer 8 (Windows 7), all I get is "Bad Request Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit. Authorization: Negotiate [ultra long string]" My vhost.cfg looks like this: <VirtualHost hostname:443> LimitRequestFieldSize 32760 LimitRequestLine 32760 LogLevel debug <Directory "/data/pwtool/sec-data/adbauth"> AuthName "Please login with your AD-credentials (Windows Account)" AuthType Kerberos KrbMethodNegotiate on KrbAuthRealms REALM.TLD KrbServiceName HTTP/hostname Krb5Keytab /data/pwtool/conf/http_hostname.krb5.keytab KrbMethodK5Passwd on KrbLocalUserMapping on Order allow,deny Allow from all </Directory> <Directory "/data/pwtool/sec-data/adbauth"> Require valid-user </Directory> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/hostname-server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/hostname-server.key </VirtualHost> I also made sure that the cookies are deleted and tried several smaller values for LimitRequestFieldSize and LimitRequestLine. Another thing that seems weird to me is that even with LogLevel debug I won't get any logs about this. The log's last line is ssl_engine_kernel.c(1879): OpenSSL: Write: SSL negotiation finished successfully Does anyone have an idea about that?

  Read the article

• Linking Linux MIT Kerberos with a Windows 2003 Active Directory

  - by Beerdude26

  Greetings, I was wondering how one might link a Linux MIT Kerberos with a Windows 2003 Active Directory to achieve the following: A user, [email protected], attempts to log in at an Apache website, which runs on the same server as the Linux MIT Kerberos. The Apache module first asks the local Linux MIT Kerberos if he knows a user by that name or realm. The MIT Kerberos finds out it isn't responsible for that realm, and forwards the request to the Windows 2003 Active Directory. The Windows 2003 Active Directory replies positively and gives this information to the Linux MIT Kerberos, which in turn tells this to the Apache module, which grants the user access to its files. Here is an image of the situation: http://img179.imageshack.us/img179/5092/linux2k3.png (I'm not allowed to embed images just yet.) The documentation I have read concerning this issue often differ from this problem: Some discuss linking up a MIT Kerberos with an Active Directory to gain access to resources on the Active Directory server; While another uses the link to authenticate Windows users to the MIT Kerberos through the Windows 2003 Active Directory. (My problem is the other way around.) So what my question boils down to, is this: Is it possible to have a Linux MIT Kerberos server pass through requests for a Active Directory realm, and then have it receive the reply and give it to the requesting service? (Although it's not a problem if the requesting service and the Windows 2003 Active Directory communicate directly.) Suggestions and constructive criticism are greatly appreciated. :)

  Read the article

• How is the "change password at next logon" requirement supposed to work with RDP using Network Level Authentication?

  - by NReilingh

  We have a Windows server (2008 R2) with the "Remote Desktop Services" feature installed and no Active Directory domain. Remote desktop is set up to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)". This means that before the remote screen is displayed, the connection is authenticated in a "Windows Security: Enter your credentials" window. The only two role services installed on this server is the RD Session Host and Licensing. When the "User must change password at next logon" checkbox is selected in the properties for a local user on this server, the following displays on a client computer after attempting to connect using the credentials that were last valid: On some other servers using RDP for admin access (but without the Remote Desktop Services role installed), the behavior is different -- the session begins and the user is given a change password prompt on the remote screen. What do I need to do to replicate this behavior on the Remote Desktop Services server?

  Read the article

• Apache LDAP authentication (mod_auth_ldap) on MacOS Server (10.5)

  - by Ursid

  A - Is there a LDAP authentication module (mod_auth_ldap) for the version of Apache that comes built into MacOS Server 10.5? (I'm pretty sure no, but maybe someone compiled one.) B - If not, can it be compiled into MacOS' version of Apache? (Man, that would be nice.) 3 - If I can't use the Apple version of Apache for this, what is the best way to get Apache LDAP authentication working on MacOS Server 10.5? (Preferably one that works with MacOS Servers management software)

  Read the article

• Cisco WebVPN RDP Plugin and NLA

  - by bab

  I'm having trouble finding anything in Cisco's docs or with Google searches, so I'm hoping someone out in ServerFault land might know. We've recently enabled NLA domain-wide to protect against some of the recent RDP vulnerabilities. However, we can no longer use the Cisco WebVPN on our ASA to connect to these boxes (Connection Failure). I assume this is because the RDP2 plugin (as of Apr 27 2012) doesn't support NLA? Is there another version of the plugin that does? Thanks!

  Read the article

• Nginx Server with Ruby on Rails application SMTP Authentication Error

  - by Spoons

  I'm developing a Rails app which when I run it locally, it's able to send emails through a gmail account via smtp. When I moved it to my sever (running Nginx), it comes up with the following error for example when I try to create a new user. Net::SMTPAuthenticationError in UsersController#create 535-5.7.1 Username and Password not accepted. The nginx.conf file remains the same from when I set it up.

  Read the article

• OpenLDAP Authentication UID vs CN issues

  - by user145457

  I'm having trouble authenticating services using uid for authentication, which I thought was the standard method for authentication on the user. So basically, my users are added in ldap like this: # jsmith, Users, example.com dn: uid=jsmith,ou=Users,dc=example,dc=com uidNumber: 10003 loginShell: /bin/bash sn: Smith mail: [email protected] homeDirectory: /home/jsmith displayName: John Smith givenName: John uid: jsmith gecos: John Smith gidNumber: 10000 cn: John Smith title: System Administrator But when I try to authenticate using typical webapps or services like this: jsmith password I get: ldapsearch -x -h ldap.example.com -D "cn=jsmith,ou=Users,dc=example,dc=com" -W -b "dc=example,dc=com" Enter LDAP Password: ldap_bind: Invalid credentials (49) But if I use: ldapsearch -x -h ldap.example.com -D "uid=jsmith,ou=Users,dc=example,dc=com" -W -b "dc=example,dc=com" It works. HOWEVER...most webapps and authentication methods seem to use another method. So on a webapp I'm using, unless I specify the user as: uid=smith,ou=users,dc=example,dc=com Nothing works. In the webapp I just need users to put: jsmith in the user field. Keep in mind my ldap is using the "new" cn=config method of storing settings. So if someone has an obvious ldif I'm missing please provide. Let me know if you need further info. This is openldap on ubuntu 12.04. Thanks, Dave

  Read the article

• Remote Desktop Network Level Authentication Not Supported

  - by Iszi

  I'm running Windows XP Professional SP3 x86, trying to connect to a system with Windows 7 Ultimate SP1 x64. Recently, I updated the Remote Desktop Connection software on the XP system in hopes of using Network Level Authentication (NLA) for my connections to the Windows 7 box. After the update, I connected to the Windows 7 box over RDP and enabled NLA believing that the updated client should support it. After disconnecting and attempting to reconnect, I'm presented with the following error: The remote computer requires Network Level Authentication, which your computer does not support. For assistance, contact your system administrator or technical support. So, I checked the About page in Remote Desktop Connection to make sure the update had applied. This is what I see. Remote Desktop Connection Shell Version 6.1.7600 Control Version 6.1.7600 © 2007 Microsoft Corporation. All rights reserved. Network Level Authentication not supported. Remote Desktop Protocol 7.0 supported. I thought NLA was supposed to be a part of RDP 7.0 clients. Is there a component I'm missing somewhere?

  Read the article

• Transpose matrix-style table to 3 columns in Excel

  - by polarbear2k

  I have a matrix-style table in excel where B1:Z1 are column headings and A2:A99 are row headings. I would like to convert this table to a 3 column table (column heading, row heading, cell value). It does not matter in what order the new table is. A B C D A B C A B C 1 H1 H2 H3 1 H1 R1 V1 1 H1 R1 V1 2 R1 V1 V2 V3 => 2 H1 R2 V4 or 2 H2 R1 V2 3 R2 V4 V5 V6 3 H1 R3 V7 3 H3 R1 V3 4 R3 V7 V8 V9 4 H2 R1 V2 4 H1 R2 V4 5 H2 R2 V5 5 H2 R2 V5 6 H2 R3 V8 6 H3 R2 V6 7 H3 R1 V3 7 H1 R3 V7 8 H3 R2 V6 8 H2 R3 V8 9 H3 R3 V9 9 H3 R3 V8 I've been playing around with the OFFSET function to create the whole table but I feel like a combination of TRANSPOSE and V/HLOOKUP is required. Thanks EDIT I have managed to come up with the correct formulas. If the data is in Sheet1 like in my example above, the formulas go in Sheet2: [A1] =IF(ROW() <= COUNTA(Sheet1!$B$1:$Z$1)*COUNTA(Sheet1!$A$2:$A$99), OFFSET(Sheet1!$A$1,0,IF(MOD(ROW(),COUNTA(Sheet1!$B$1:$Z$1))=0,COUNTA(Sheet1!$B$1:$Z$1),MOD(ROW(),COUNTA(Sheet1!$B$1:$Z$1)))),"") [B1] =IF(ROW() <= COUNTA(Sheet1!$B$1:$Z$1)*COUNTA(Sheet1!$A$2:$A$99),OFFSET(Sheet1!$A$1,IF(MOD(ROW(),COUNTA(Sheet1!$A$2:$A$99))=0,COUNTA(Sheet1!$A$2:$A$99),MOD(ROW(),COUNTA(Sheet1!$A$2:$A$99))),0),"") [C1] =IF(ROW() <= COUNTA(Sheet1!$B$1:$Z$1)*COUNTA(Sheet1!$A$2:$A$99),OFFSET(Sheet1!$A$1,IF(MOD(ROW(),COUNTA(Sheet1!$A$2:$A$99))=0,COUNTA(Sheet1!$A$2:$A$99),MOD(ROW(),COUNTA(Sheet1!$A$2:$A$99))),IF(MOD(ROW(),COUNTA(Sheet1!$B$1:$Z$1))=0,COUNTA(Sheet1!$B$1:$Z$1),MOD(ROW(),COUNTA(Sheet1!$B$1:$Z$1)))),"") The formulas are limited to B1:Z1 for the headings and A2:A99 for the rows (these can be increased to their maximums if required). The COUNTA() formula returns the number of cells that actually have values, which limits the number of rows returned to headings*rows. Otherwise the formulas would could go on for infinity because of the MOD function.

  Read the article

• What does 'http: getaddrinfo*.gaih_getanswer: got type "46"' mean

  - by koffie

  Today I got an e-mail from logcheck informing me that the following system event occurred. http: getaddrinfo*.gaih_getanswer: got type "46" Indeed, the above message occurs 4 times in /var/log/aut.log it occured twice yesterday around 6:46 am. And this morning it also occured twice around the same time. I wonder what this message means and if this message is something to worry about or if should just tell logcheck to ignore it. If it is something to worry about, then any pointers on how to fix the problem are appreciated.

  Read the article

• Cannot connect puppet agent to puppet master

  - by u123

  I have installed puppet 3.3.1 on a debian 7 machine (test-puppet-master) and the puppet agent on another debian 7 machine (test-puppet-agent/192.11.80.246) acting as a client. I start the master with: puppet master --verbose --no-daemonize And I start the agent with: puppet agent --server=test-puppet-master --no-daemonize --verbose Notice: Did not receive certificate which gives the following output on the master: Notice: Starting Puppet master version 3.3.1 Error: Could not resolve 192.11.80.246: no name for 192.11.80.246 Info: Inserting default '~ ^/catalog/([^/]+)$' (auth true) ACL Info: Inserting default '~ ^/node/([^/]+)$' (auth true) ACL Info: Inserting default '/file' (auth ) ACL Info: Inserting default '/certificate_revocation_list/ca' (auth true) ACL Info: Inserting default '~ ^/report/([^/]+)$' (auth true) ACL Info: Inserting default '/certificate/ca' (auth any) ACL Info: Inserting default '/certificate/' (auth any) ACL Info: Inserting default '/certificate_request' (auth any) ACL Info: Inserting default '/status' (auth true) ACL Info: Not Found: Could not find certificate test-puppet-agent Error: Could not resolve 192.11.80.246: no name for 192.11.80.246 Info: Not Found: Could not find certificate test-puppet-agent Error: Could not resolve 192.11.80.246: no name for 192.11.80.246 Info: Not Found: Could not find certificate test-puppet-agent Any ideas why the agent cannot connect?

  Read the article

• smtp sasl authentication failure

  - by cromestant

  hello, I have configured and fixed almost all the problems with my postfix +courier + mysql setup for virtual mailboxes. I can now receive mail and send it from webmail (squirrel). BUT, what I can't do is authenticate from outside client. Since my isp blocks port 25 I setup postfix to work on 1025 for smtp and setup verbose loging. Here is the verbose log of a failed authentication process LOG Authentication for imap and pop3 seem to be working but this one is not. Here is the postconf -n output. Also through mysql I can verify that it is trying to validate through the system, running a query that returns the encrypted password stored in the database. I can't seem to find the error for this. thank you in advance

  Read the article

• 530 5.7.1 Client was not authenticated Exchange 2010 for some computers within mask

  - by user1636309

  We have a classic problem with Client not Authenticated but with a specific twist: We have an Exchange 2010 cluster, let's say EX01 and EX02, the connection is always to smtp.acme.com, then it is switched through load balancer. We have an application server, call it APP01 There are clients connected to the APP01. There is a need for anonymous mail relay from both clients and APP01. The Anonymous Users setting of the Exchange is DISABLED, but the specific computers - APP01 and clients by the mask, let's say, 192.168.2.* - are enabled. For internal relay, a "Send Connector" is created, and then the above IP addresses are added for the connector to allow computers, servers, or any other device such as a copy machine to use the exchange server to relay email to recipients. The problem is that the relay works for APP01 and some clients, but not others (we get "Client not Authenticated") - all inside the same network and the same mask. This is basically what we do to test it outside of our application: http://smtp25.blogspot.sk/2009/04/530-571-client-was-not-authenticated.html So, I am looking for ideas: What can be the reason for such a strange behaviour? Where I can see the trace of what's going on at the Exchange side?

  Read the article

• apache using mod_auth_kerb always asks for the password twice

  - by DrStalker

  (Debian Squeeze) I'm trying to set apache up to use Kerberos authentication to allow AD users to log in. It is working, but prompts the user twice for a username and password, with the first time being ignored (no matter what is put it in.) Only the second prompt includes the AuthName string from the config (i.e.: the first windows is a generic username/password one, the second includes the title "Kerberos Login") I'm not worried about integrated windows authentication working at this stage, I just want users to be able to login with their AD account so we don't need to set up a second repository of user accounts. How do I fix this to eliminate that first useless prompt? The directives in the apache2.conf file: <Directory /var/www/kerberos> AuthType Kerberos AuthName "Kerberos Login" KrbMethodNegotiate On KrbMethodK5Passwd On KrbAuthRealms ONEVUE.COM.AU.LOCAL Krb5KeyTab /etc/krb5.keytab KrbServiceName HTTP/[email protected] require valid-user </Directory> krb5.conf: [libdefaults] default_realm = ONEVUE.COM.AU.LOCAL [realms] ONEVUE.COM.AU.LOCAL = { kdc = SYD01PWDC01.ONEVUE.COM.AU.LOCAL master_kdc = SYD01PWDC01.ONEVUE.COM.AU.LOCAL admin_server = SYD01PWDC01.ONEVUE.COM.AU.LOCAL default_domain = ONEVUE.COM.AU.LOCAL } [login] krb4_convert = true krb4_get_tickets = false The access log when accessing the secured directory (note the two seperate 401's) 192.168.10.115 - - [24/Aug/2012:15:52:01 +1000] "GET /kerberos/ HTTP/1.1" 401 710 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" 192.168.10.115 - - [24/Aug/2012:15:52:06 +1000] "GET /kerberos/ HTTP/1.1" 401 680 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" 192.168.10.115 - [email protected] [24/Aug/2012:15:52:10 +1000] "GET /kerberos/ HTTP/1.1" 200 375 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.83 Safari/537.1" And one line in error.log [Fri Aug 24 15:52:06 2012] [error] [client 192.168.0.115] gss_accept_sec_context(2) failed: An unsupported mechanism was requested (, Unknown error)

  Read the article

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >