Search Results

Search found 5866 results on 235 pages for 'authentication'.

Page 31/235 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >

• Week in Geek: Dropbox Rolls Out 2-Step Authentication Feature in Experimental Desktop Client Build

  - by Asian Angel

  Our last edition of WIG for August is filled with news link goodness covering topics such as Firefox 17 will make add-ons more secure, password hints are easily extracted from Windows 7 and 8, the latest stable release of ChromeOS adds a new apps list feature, and more. How To Switch Webmail Providers Without Losing All Your Email How To Force Windows Applications to Use a Specific CPU HTG Explains: Is UPnP a Security Risk?

  Read the article

• Drop in service for account management, authentication, identity?

  - by Mike Repass

  I'm building an Android app and associated set of web services for uploading/downloading data. I need a basic (no frills) solution for account management (register, login, logout, verify credentials/token). What open source / third party solutions exist for this scenario? I need: create a new account db based on a salt simple web service to create a new account simple web service to authenticate supplied credentials and return some sort of token That's it, I can get by without 'fancy' email activation or password reset for the time being. Are there off-the-shelf components for this? Should I just use a 'blank' django or rails app to get this done? Seems crazy for everyone to be doing CREATE TABLE user_accounts ... Thoughts? Thank you.

  Read the article

• Best Method/Library For Remote Authentication

  - by Mike

  I have a web app that has a REST API interface: http://api.example.com/core that uses API Keys and domain specific keys (key has to be used on the specified domain). I then will have several client sites with ajax forms where we will require users to sign in before being able to submit the form. This form will add data to a table, and submit an email to several recipients along with checking credentials. This form will use an ajax submit to our REST API. All Communication to/from the API is over SSL Ideal Flow: Visitor Fills Form Out -> Enters User/pass -> Submits Form -> ajax request to REST API -> API Verifies credentials -> does CRUD -> sends emails -> returns 200/403 -> perform DOM manipulation based on return code in ajax call Are there any libraries in PHP that currently do something to this similarly? Would OAuth be a good use for this scenario? Languages used are: js/html/css/php/MySQL

  Read the article

• Silverlight 4 + RIA Services - Ready for Business: Authentication and Personalization

  To continue our series,  In real business applications our data is often very valuable and as such we need to know who is accessing what data and control certain data access to only users with privilege.  Luckily this is very easy to do with RIA Services.  For example, say we want to let only authenticated users access our data in this example.   That is as easy to accomplish as adding an attribute, see line 2 below.    1: [EnableClientAccess] 2: ...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

  Read the article

• Handle all authentication logic in database or code?

  - by Snuffleupagus

  We're starting a new(ish) project at work that has been handed off to me. A lot of the database sided stuff has been fleshed out, including some stored procedures. One of the stored procedures, for example, handles creation of a new user. All of the data is validated in the stored procedure (for example, password must be at least 8 characters long, must contain numbers, etc) and other things, such as hashing the password, is done in the database as well. Is it normal/right for everything to be handled in the stored procedure instead of the application itself? It's nice that any application can use the stored procedure and have the same validation, but the application should have a standard framework/API function that solves the same problem. I also feel like it takes away the data from the application and is going to be harder to maintain/add new features to.

  Read the article

• CUPS Authentication for Admin on localhost:631 interface

  - by Tony Kruse

  I have searched quite a bit, saw the one response that purported to have a solution to this but it did not work in my case. My Brother printer is not shown in CUPS so I go to Admin-Add Printer it gives me the User Name/Password popup with refuses to recognize my user name on the machine. This is a brand new install of 13.1. My Restrict Access to the admin pages section has: Order allow, deny Allow localhost

  Read the article

• Sending login form to an open-mesh acess point for authentication with my own RADIUS server

  - by PachinSV

  I have my RADIUS server up and running and a custom external captive portal. But I'm not sure: what information should I send to the Open-Mesh AP with my login form (it is necessary to encrypt the password?, because if I don't use a secret word to encrypt in my network configuration the RADIUS server complaints about it and in the log shows me some strange characters in the password) I don't know what to do with the "challenge" and "md" parameters in my login splash page. Thank you very much for your help.

  Read the article

• Security: "Creating Custom Authentication"

  Build single sign-on/sign-off for a suite of applications in Oracle Application Express.

  Read the article

• SonicOS Enhanced 5.8.1.2 L2TP VPN Authentication Failed

  - by Dean A. Vassallo

  I have a SonicWall TZ 215 running SonicOS Enhanced 5.8.1.2-6o. I have configured the L2TP VPN using the default crypto suite ESP: 3DES/HMAC SHA1 (IKE). Proposals are as such: IKE (Phase 1) Proposal DH Group: Group 2 Encryption: 3DES Authentication: SHA1 Life Time (seconds): 28800 Ipsec (Phase 2) Proposal Protocol: ESP Encryption: 3DES Authentication: SHA1 Enable Perfect Forward Secrecy DISABLED Life Time (seconds): 28800 When attempting to connect via my Mac OS X client I get an authentication error. It appears to pass the pre-authentication but fails to complete. I am at a complete loss. I reconfigured from scratch multiple times...used simple usernames and passwords to verify this wasn't a miskeyed password issue. I have Here are the logs (noted IP has been removed for privacy): 7/1/13 8:19:05.174 PM pppd[1268]: setup_security_context server port: 0x1503 7/1/13 8:19:05.190 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: publish_entry SCDSet() failed: Success! 7/1/13 8:19:05.191 PM pppd[1268]: pppd 2.4.2 (Apple version 727.1.1) started by dean, uid 501 7/1/13 8:19:05.192 PM pppd[1268]: L2TP connecting to server ‘0.0.0.0’ (0.0.0.0)... 7/1/13 8:19:05.193 PM pppd[1268]: IPSec connection started 7/1/13 8:19:05.208 PM racoon[1269]: accepted connection on vpn control socket. 7/1/13 8:19:05.209 PM racoon[1269]: Connecting. 7/1/13 8:19:05.209 PM racoon[1269]: IPSec Phase 1 started (Initiated by me). 7/1/13 8:19:05.209 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 1). 7/1/13 8:19:05.209 PM racoon[1269]: >>>>> phase change status = Phase 1 started by us 7/1/13 8:19:05.231 PM racoon[1269]: >>>>> phase change status = Phase 1 started by peer 7/1/13 8:19:05.231 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 2). 7/1/13 8:19:05.234 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 3). 7/1/13 8:19:05.293 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 4). 7/1/13 8:19:05.295 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Main-Mode message 5). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 AUTH: success. (Initiator, Main-Mode Message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKE Packet: receive success. (Initiator, Main-Mode message 6). 7/1/13 8:19:05.315 PM racoon[1269]: IKEv1 Phase 1 Initiator: success. (Initiator, Main-Mode). 7/1/13 8:19:05.315 PM racoon[1269]: IPSec Phase 1 established (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: IPSec Phase 2 started (Initiated by me). 7/1/13 8:19:06.307 PM racoon[1269]: >>>>> phase change status = Phase 2 started 7/1/13 8:19:06.308 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1). 7/1/13 8:19:06.332 PM racoon[1269]: attribute has been modified. 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: receive success. (Initiator, Quick-Mode message 2). 7/1/13 8:19:06.332 PM racoon[1269]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3). 7/1/13 8:19:06.333 PM racoon[1269]: IKEv1 Phase 2 Initiator: success. (Initiator, Quick-Mode). 7/1/13 8:19:06.333 PM racoon[1269]: IPSec Phase 2 established (Initiated by me). 7/1/13 8:19:06.333 PM racoon[1269]: >>>>> phase change status = Phase 2 established 7/1/13 8:19:06.333 PM pppd[1268]: IPSec connection established 7/1/13 8:19:07.145 PM pppd[1268]: L2TP connection established. 7/1/13 8:19:07.000 PM kernel[0]: ppp0: is now delegating en0 (type 0x6, family 2, sub-family 3) 7/1/13 8:19:07.146 PM pppd[1268]: Connect: ppp0 <--> socket[34:18] 7/1/13 8:19:08.709 PM pppd[1268]: MS-CHAPv2 mutual authentication failed. 7/1/13 8:19:08.710 PM pppd[1268]: Connection terminated. 7/1/13 8:19:08.710 PM pppd[1268]: L2TP disconnecting... 7/1/13 8:19:08.711 PM pppd[1268]: L2TP disconnected 7/1/13 8:19:08.711 PM racoon[1269]: IPSec disconnecting from server 0.0.0.0 7/1/13 8:19:08.711 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA). 7/1/13 8:19:08.712 PM racoon[1269]: IKE Packet: transmit success. (Information message). 7/1/13 8:19:08.712 PM racoon[1269]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA). 7/1/13 8:19:08.713 PM racoon[1269]: glob found no matches for path "/var/run/racoon/*.conf" 7/1/13 8:19:08.714 PM racoon[1269]: pfkey DELETE failed: No such file or directory

  Read the article

• API Auth vs User Auth

  - by user1626384

  I have read many posts and articles on this topic but still cant connect the dots. I want to make a Rails app that is strictly a JSON API maybe using Sinatra or the rails-api gem. I also want to make both a web client app and an iPhone app which consumes the API. No plans on letting third party dev's use it. So I could create a separate username/password combination for both the web and mobile client and use HTTP Basic over SSL. Each app would have these values as configs in the source and use it to authenticate to the API so only these can make a call. Anyone else trying would get a 401 error returned. This would be considered handling the API authentication. The web and mobile client apps allow end users to sign up and read/write data to the API. When each user is created, I create and save a token in their profile. If a user successfully signs in, I send back the token. On each future read/write then also send along this token in the header. I get the token and lookup the user in the database and make the read/write. Does this sound like an appropriate way to handle it. For the web client, when I initially send back the token, where do I store it. In a cookie? Do I also drop a cookie to handle session state?

  Read the article

• How to fix sudo: setreuid(ROOT_UID, user_uid): Operation not permitted error?

  - by David R.

  I am using LDAP authentication on my Ubuntu 11.10 server. I installed libpam-ldap, and configured things accordingly. It works great, except that I get this error every once in a while when I try to sudo: sudo: setreuid(ROOT_UID, user_uid): Operation not permitted I know I have sudoers set up correctly, since it works most of the time. It's not just my log in either, others have the same problem when I have it. When this error is occurring, I can't ssh in with my regular system user at all. When I sign in directly, I can't get any gnome-terminal to start. Once I restart the server, the problem goes away. 'Course, that's not a solution, if it was a prod server, I'd be in trouble. How do I fix this? Edit 3/1/12: I just figured out that if stop and start the nscd service, the problem goes away. service nscd stop service nscd start Not much of a solution since I have to be logged into the server directly, not via ssh.

  Read the article

• How do I install FreeNX server so that it works correctly?

  - by Niklas

  I've tried every single possible way of installing the server now, I've read every how to available and I still can't get it to work. Please let me know in which step I do wrong. I'm using ubuntu 10.10. I will mainly be referring to the following how-to, but also this, and this one. First I add the ppa Install Freenx Download the special Freenx package as stated in the howto, fix ownership - install it Create custom SSH key Copy the file /var/lib/nxserver/home/.ssh/client.id_dsa.key to the client and import it in nomachine (windows 7 x64) Check that both the user I will be logging in with and the user nx is in AllowedUsers in the /etc/ssh/sshd_config file Check the port that ssh is listening on Login through nomachine with my regular user account in ubuntu I always receive the message "authentication failed for [user]" when I try to log in. And I can't see the user "nx" which is said to be created during installation when I look under System-Administration-"Users & Groups". Can anyone please enlighten me if there is any step that I miss or have misunderstood? Thank you very much! (Or is there an easier way of enabling remote desktop that it can be used with a windows machine? I prefer not using VNC because I was hoping of being able to get better performance than that. And when I tried using XRDP I only received a black screen on the client.)

  Read the article

• Cannot authenticate to SBS 2003

  - by Lerp

  I am trying to connect my machine to my work's entirely windows network and I am having a few issues: Whenever I try to access the server, the authentication dialog just keeps popping back up. I cannot connect to the printers (it says connecting to device failed) I have tried setting up samba, winbind, kerberos, likewise open all to no avail. I have a feeling I am just setting them up wrong. My nautilus shows this when I go to Network Windows Network MASTERMAGNETS I can ping both MASTERMAGNETS.LOCAL and 192.168.0.2 after modifying my /etc/hosts james@jamesmaddison:~$ cat /etc/hosts 127.0.0.1 localhost jamesmaddison 192.168.0.2 MASTERMAGNETS.LOCAL 192.168.0.50 Sharp-Printer # The following lines are desirable for IPv6 capable hosts ::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters I believe that's the correct domain (not sure if that's the correct term) as when I do nslookup MASTERMAGNETS.LOCAL I get the following: james@jamesmaddison:~$ nslookup MASTERMAGNETS.LOCAL Server: 192.168.0.2 Address: 192.168.0.2#53 Name: MASTERMAGNETS.LOCAL Address: 192.168.0.3 Name: MASTERMAGNETS.LOCAL Address: 192.168.0.2 It all worked fine before I reinstalled Ubuntu and now I just cannot get access to the server. All help is appreciated, I need to get this working or I fear I will be forced to develop in a windows environment :(

  Read the article

• Implicit OAuth2 endpoint vs. cookies

  - by Jamie

  I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely javascript based and is quite similar to the native clients anyway - except it currently does not work offline. What I'm hoping to do is merge the fragmented APIs into a single restful API. The web app currently authenticates by issuing a cookie to the client whereas the native clients work using a custom HMAC access token implementation. Obviously a public/private key scenario for a javascript app is a little pointless. I think the best solution would be to create an OAuth2 endpoint on the API (like Instagram, for example http://instagram.com/developer/authentication/) which is used by both the native apps and the web app. My question is, in terms of security how does an implicit OAuth2 flow compare (storing the access token in local storage) to "secure" cookies? Presumably although SSL solves man in the middle attacks, the user could theoretically grab the access token from local storage and copy it to another machine?

  Read the article

• correct way to implement auth/acl in mvc

  - by WiseStrawberry

  I am looking into making a correctly laid out MVC auth/acl system. I think I want the authentication of a user (and the session handling) to be seperate from the ACL system. (I don't know why but this seems a good idea from the things I've read) What does mvc have to do with this question you ask? Because I wish for the application to be well integrated with my acl. An example of a controller (CodeIgniter) <?php class forums extends MX_Controller { $allowed = array('users', 'admin'); $need_login = true; function __construct() { //example of checking if logged in. if($this->auth->logged_in() && $this->auth->is_admin()) { echo "you're logged in!"; } } public function add_topic() { if($this->auth->allowed('add_topic') { //some add topic things. } else { echo 'not allowed to add topic'; } } } ?> My thoughts $this->auth would be autoloaded in the system. I would like to check the $allowed array against the user currently (not) logged in and react accordingly. Is this a good way of doing things? I haven't seen much literature on mvc integration and auth. I want to make things as easy as possible.

  Read the article

• SIMPLEST way to set up password protection for a static site, with basic admin UI?

  - by Joseph Turian

  I have a static site. I would like the simplest approach to password protecting a directory, with a basic admin UI for adding/removing users. I will have so few users that I don't care about performance. I don't care if it's PHP or Django or whatever, I just want a complete software package. Apache basic auth isn't good, because you can't log out. Nor is there a UI for adding users. I tried throwing everything behind Django auth and serving the files through Django. However, Chrome treats all my text/css headers as text/plain, so I don't get any stylesheets showing. I can't use mod_xsendfile on my server because I can't reconfigure Apache to add new modules. I think this approach is overkill anyway. I can try configuring Nginx's X-Accel-Redirect, however that requires implementing all the Django code for auth myself, and I'd prefer an existing solution. However, this is my backup plan. Is there a code package that implements authentication with basic admin for a static site?

  Read the article

• Can I set up samba so it automatically allows all the local usernames and passwords?

  - by dialer

  I have set up samba like this (this is the complete smb.conf): [global] log file = /var/log/samba/log log level = 2 security = user [homes] browsable = false read only = no valid users = %S I'd like to enable every user on server to access their home directories, but for some unknown reason only my 'administrator' account can do so. (I have done that with ftp before, but now smb is also needed). When I try to smbclient -L localhost -U [user], I get NT_STATUS_LOGON_FAILURE, except with the administrator (which is the user created during the ubuntu installation, not root). The samba log file says NT_STATUS_NO_SUCH_USER: [2012/04/04 20:26:02.081454, 2] smbd/reply.c:554(reply_special) netbios connect: name1=LOCALHOST 0x20 name2=DIALER-X 0x0 [2012/04/04 20:26:02.081733, 2] smbd/reply.c:565(reply_special) netbios connect: local=localhost remote=dialer-x, name type = 0 [2012/04/04 20:26:02.087200, 2] auth/auth.c:314(check_ntlm_password) check_ntlm_password: Authentication for user [public] - [public] FAILED with error NT_STATUS_NO_SUCH_USER I suspect that I have to manually create samba users, but the man pages state that If the client has passed a username/password pair and that username/password pair is validated by the UNIX system's password programs, the connection is made as that username. To me that sounds like as long as the provided username/password is a valid login on the server, it should work. Am I missing something totally obvious? I don't want / can't afford to manually update the samba users and passwords to match the server's. 11.10

  Read the article

• What is the correct way to implement Auth/ACL in MVC?

  - by WiseStrawberry

  I am looking into making a correctly laid out MVC Auth/ACL system. I think I want the authentication of a user (and the session handling) to be separate from the ACL system. (I don't know why but this seems a good idea from the things I've read.) What does MVC have to do with this question you ask? Because I wish for the application to be well integrated with my ACL. An example of a controller (CodeIgniter): <?php class forums extends MX_Controller { $allowed = array('users', 'admin'); $need_login = true; function __construct() { //example of checking if logged in. if($this->auth->logged_in() && $this->auth->is_admin()) { echo "you're logged in!"; } } public function add_topic() { if($this->auth->allowed('add_topic') { //some add topic things. } else { echo 'not allowed to add topic'; } } } ?> My thoughts $this->auth would be autoloaded in the system. I would like to check the $allowed array against the user currently (not) logged in and react accordingly. Is this a good way of doing things? I haven't seen much literature on MVC integration and Auth. I want to make things as easy as possible.

  Read the article

• Approach to Authenticate Clients to TCP Server

  - by dab

  I'm writing a Server/Client application where clients will connect to the server. What I want to do, is make sure that the client connecting to the server is actually using my protocol and I can "trust" the data being sent from the client to the server. What I thought about doing is creating a sort of hash on the client's machine that follows a particular algorithm. What I did in a previous version was took their IP address, the client version, and a few other attributes of the client and sent it as a calculated hash to the server, who then took their IP, and the version of the protocol the client claimed to be using, and calculated that number to see if they matched. This works ok until you get clients that connect from within a router environment where their internal IP is different from their external IP. My fix for this was to pass the client's internal IP used to calculate this hash with the authentication protocol. My fear is this approach is not secure enough. Since I'm passing the data used to create the "auth hash". Here's an example of what I'm talking about: Client IP: 192.168.1.10, Version: 2.4.5.2 hash = 2*4*5*1 * (1+9+2) * (1+6+8) * (1) * (1+0) Client Connects to Server client sends: auth hash ip version Server calculates that info, and accepts or denies the hash. Before I go and come up with another algorithm to prove a client can provide data a server (or use this existing algorithm), I was wondering if there are any existing, proven, and secure systems out there for generating a hash that both sides can generate with general knowledge. The server won't know about the client until the very first connection is established. The protocol's intent is to manage a network of clients who will be contributing data to the server periodically. New clients will be added simply by connecting the client to the server and "registering" with the server. So a client connects to the server for the first time, and registers their info (mac address or some other kind of unique computer identifier), then when they connect again, the server will recognize that client as a previous person and associate them with their data in the database.

  Read the article

• How can I restore my Acer Aspire one GNU version 1.98 to factory settings?

  - by user100380

  Requires keyring and authentication to install and unistall programs or update anything. I just want to restart from scratch so i can clean it up anyways. Can anyone help? Also, on start up a list on a black screen will come up saying Ubuntu with linux version 26.32-40 generic or recovery version and at the bottom of different versions has one Window 7 loader option. When I get into recovery menu to try and restore to factory settings my netbook has no restore option. I've tried pressing alt-f10 and holding alt and repeatedly tap f10 but nothing seems to work, and my acer asks for a password login to even load windows 7 which I don't have. Any ideas? I've looked a lot on the internet for help but I'm getting to my last resort, to get of this thing for once and for all. I want to be able to personalize and add programs as I please, this is all bs to go through to unistall one freaking game or get rid of ubuntu gnome keyring!! Please help!! Thank you. :)

  Read the article

• Spring Security DB Authentication w/Hibernate and hashed passwords?

  - by Seth

  I'm trying to set up spring security 3 to authenticate users against my hibernate 3 database. I'm storing only sha1 hashes of the passwords in the database (not plaintext). I've looked at this and this, which tell me to implement my own UserDetailsService. Unfortunately, the UserDetails that loadUserByUsername spits out seem to need the plaintext password, which I don't have. How is this usually handled? Can Spring Security actually do what I need here? Am I missing something?

  Read the article

• Authenticating Apache HTTPd against multiple LDAP servers with expired accounts

  - by Brian Bassett

  We're using mod_authnz_ldap and mod_authn_alias in Apache 2.2.9 (as shipped in Debian 5.0, 2.2.9-10+lenny7) to authenticate against multiple Active Directory domains for hosting a Subversion repository. Our current configuration is: # Turn up logging LogLevel debug # Define authentication providers <AuthnProviderAlias ldap alpha> AuthLDAPBindDN "CN=Subversion,OU=Service Accounts,O=Alpha" AuthLDAPBindPassword [[REDACTED]] AuthLDAPURL ldap://dc01.alpha:3268/?sAMAccountName?sub? </AuthnProviderAlias> <AuthnProviderAlias ldap beta> AuthLDAPBindDN "CN=LDAPAuth,OU=Service Accounts,O=Beta" AuthLDAPBindPassword [[REDACTED]] AuthLDAPURL ldap://ldap.beta:3268/?sAMAccountName?sub? </AuthnProviderAlias> # Subversion Repository <Location /svn> DAV svn SVNPath /opt/svn/repo AuthName "Subversion" AuthType Basic AuthBasicProvider alpha beta AuthzLDAPAuthoritative off AuthzSVNAccessFile /opt/svn/authz require valid-user </Location> We're encountering issues with users that have accounts in both Alpha and Beta, especially when their accounts in Alpha are expired (but still present; company policy is that the accounts live on for at a minimum of 1 year). For example, when the user x (which has en expired account in Alpha, and a valid account in Beta), the Apache error log reports the following: [Tue May 11 13:42:07 2010] [debug] mod_authnz_ldap.c(377): [client 10.1.1.104] [14817] auth_ldap authenticate: using URL ldap://dc01.alpha:3268/?sAMAccountName?sub? [Tue May 11 13:42:08 2010] [warn] [client 10.1.1.104] [14817] auth_ldap authenticate: user x authentication failed; URI /svn/ [ldap_simple_bind_s() to check user credentials failed][Invalid credentials] [Tue May 11 13:42:08 2010] [error] [client 10.1.1.104] user x: authentication failure for "/svn/": Password Mismatch [Tue May 11 13:42:08 2010] [debug] mod_deflate.c(615): [client 10.1.1.104] Zlib: Compressed 527 to 359 : URL /svn/ Attempting to authenticate as a non-existant user (nobodycool) results in the correct behavior of querying both LDAP servers: [Tue May 11 13:42:40 2010] [debug] mod_authnz_ldap.c(377): [client 10.1.1.104] [14815] auth_ldap authenticate: using URL ldap://dc01.alpha:3268/?sAMAccountName?sub? [Tue May 11 13:42:40 2010] [warn] [client 10.1.1.104] [14815] auth_ldap authenticate: user nobodycool authentication failed; URI /svn/ [User not found][No such object] [Tue May 11 13:42:40 2010] [debug] mod_authnz_ldap.c(377): [client 10.1.1.104] [14815] auth_ldap authenticate: using URL ldap://ldap.beta:3268/?sAMAccountName?sub? [Tue May 11 13:42:44 2010] [warn] [client 10.1.1.104] [14815] auth_ldap authenticate: user nobodycool authentication failed; URI /svn/ [User not found][No such object] [Tue May 11 13:42:44 2010] [error] [client 10.1.1.104] user nobodycool not found: /svn/ [Tue May 11 13:42:44 2010] [debug] mod_deflate.c(615): [client 10.1.1.104] Zlib: Compressed 527 to 359 : URL /svn/ How do I configure Apache to correctly query Beta if it encounters an expired account in Alpha?

  Read the article

• Uploadify works for Visual Studio but not for IIS 7(same machines), using Forms authentication. Doe

  - by Marc

  I'm using the Uploadify jQuery control for client-side uploads. I think my IIS 7 configuration has issues with it. The uploadify POST immediately returns a HTTP 1.1 302 Found, back to my login page. I've tried to allow anonymous access to the uploading section(subfolder) plus the page(script) that processes the image in the web.config, using the location node(configuration ... location). Seems like the Uploadify post is immediately blocked. Again, this worked fine just using Visual Studio 2008, but when I run the site on the same machine I get the redirect. Your thoughts/ideas are very welcomed!

  Read the article

• How do I set up one time password authentication?

  - by scraimer

  I have a home network which I access remotely quite a bit. But I'm worried about security. While I do have strong passwords, I'm worried that someone will acquire my password and use it to gain access. I heard about "one time passwords" and even got to use them at my university. We'd just press a button on a device (or run an application on a phone) and get a generated password that would work for the next minute or so. How can I set something like that up? Are there systems that are easy to use and set up? Has anyone played around with an SDK of one of these systems? Where can I get a starter kit from? EDIT: I'm running a mixed Linux and Windows network, and I'm vaguely hoping to use this for authenticating on both operating systems. (No, there's no domain controller, but I can set one up using Samba, I suppose.)

  Read the article

• Problem with authentication from different domains using Django sessions.

  - by Greg

  Hi all, I am developing a bookmarklet which essentially adds a toolbar to a web page user is currently looking at. To use it, user needs to be logged in. To login user clicks on 'Singin' which displays a standard form containing Username, Password etc fields. When user successfully logs in they may chose to navigate to a different web-site. When on another page, they (a) re-load the bookmarklet (b) their session is retrieved from the server (c) user doesn't need to login again. Pretty standard I've would have thought. Using Django sessions and JQuery. I'm having troubles implementing the above usecase. Here are some problems I've encountered: Cross domain POST AJAX requests are disallowed. That was solved with JSONp. I doubt it is a very secure approach but for now it works. My server returns the session id in a cookie, however when the user navigates to a different page I don't really know how to retrieve that session id to send back to my server. Can I even read third party cookies from my JavaScript? I'm looking for some guidelines on implementing the above usecase. Ideally I don't want to redirect user to another page for them to sign in. Any suggestion would be greatly appreciated. Thanks.

  Read the article

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >