Search Results

Search found 6090 results on 244 pages for 'digest authentication'.

Page 49/244 | < Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >

• Picking up a lot of failed authentications for various accounts

  - by Josh K

  My server is getting a lot of various failed authentication attempts for various accounts. The most common one (that I've seen ) or the root account. I have since enabled Fail2Ban and ran several rootkit / malware checks to ensure I wasn't compromised. Is there anything else I should do? I only have three accounts enabled, and SSH access for only two. I have a full 48hr ban on anyone making more then six failed SSH login attempts. I do not have FTP enabled.

  Read the article

• Hiding a HTTP Auth-Realm by sending 404 to non-known IPs?

  - by zhenech

  I have an Apache (2.2) serving a web-app on example.com. That web-app has a debug-page reachable via example.com/debug. /debug is currently protected with a HTTP basic auth. As there is only a very small user-base who has access to the debug-page, I would like to hide it based on IP address and return 404 to clients not accessing from our VPN. Serving a 404 based on IP-address only is easy and is described in http://serverfault.com/a/13071. But as soon I add authentication, the users see a 401 instead of a 404. Basically, what I need is: if ($REMOTE_ADDR ~ 10.11.12.*): do_basic_auth (aka return 401) else: return 404

  Read the article

• Unable to set NTFS permissions for ApplicationPoolIdentity on Windows 2008 SP2

  - by Kev

  On Windows 2008 R2 I am able to set NTFS permissions for an application pool's synthesised ApplicationPoolIdentity account thus: ICACLS d:\websites\site1\www /grant "IIS AppPool\site1":(CI)(OI)(M) The website's application pool is named site1 and is configured to run as ApplicationPoolIdentity. The site's authentication is also configured to authenticate as ApplicationPoolIdentity. I've done this a thousand times on Windows 2008 Standard Edition R2 with never a hitch. However if I try to do the same in Windows 2008 Standard Edition SP2 I get the error: IIS AppPool\site1: No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files I also notice that this fails if I try to set permissions for the application pool identity via the security GUI as well. I've seen this before and a reboot has cleared this issue but I'd like to know why this happens periodically. Googling around suggests other folks have hit this problem but there's never a satisfactory explanation. Why would this be?

  Read the article

• Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?

  - by Howiecamp

  I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials. I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, the I was prompted upon the first logon while in Incognito mode. The web application behaves as expected in Internet Explorer 10. Some info about the application: It's a Sharepoint site using NTLM authentication The credentials are Active Directory-based, as the username is domain\username My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) are not in any way part of their AD domain. The site is running SSL on port 443 Why might Chrome be automatically authenticating me?

  Read the article

• How to set up custom 401 error page or redirect in WSS3 SP2

  - by Stacy Vicknair

  I've got a WSS3 sharepoint site that requires windows authentication both in IIS and via the Sharepoint site. What I would like to do is in the case that a user does not provide valid AD credentials they are redirected to a custom error page. Currently, if the user immediately hits cancel when prompthey will see a plain text response of "401 UNAUTHORIZED". If they make an attempt and then hit cancel they instead see a blank page. I have looked into several options such as customErrors, httpModule interception (only saw examples for this after the user is authenticated), IIS Url rewrites (didn't see how this could help). Is there a good way to do this?

  Read the article

• How to control remote access to Sonicwall VPN beyond passwords?

  - by pghcpa

  I have a SonicWall TZ-210. I want an extremely easy way to limit external remote access to the VPN beyond just username and password, but I do not wish to buy/deploy a OTP appliance because that is overkill for my situation. I also do not want to use IPSec because my remote users are roaming. I want the user to be in physical possession of something, whether that is a pre-configured client with an encrypted key or a certificate .cer/.pfx of some sort. SonicWall used to offer "Certificate Services" for authentication, but apparently discontinued that a long time ago. So, what is everyone using in its place? Beyond the "Fortune 500" expensive solution, how do I limit access to the VPN to only those users who have possession of a certificate file or some other file or something beyond passwords? Thanks.

  Read the article

• Managing service passwords with Puppet

  - by Jeff Ferland

  I'm setting up my Bacula configuration in Puppet. One thing I want to do is ensure that each password field is different. My current thought is to hash the hostname with a secret value that would ensure each file daemon has a unique password and that password can be written to both the director configuration and the file server. I definitely don't want to use one universal password as that would permit anybody who might compromise one machine to get access to any machine through Bacula. Is there another way to do this other than using a hash function to generate the passwords? Clarification: This is NOT about user accounts for services. This is about the authentication tokens (to use another term) in the client / server files. Example snippet: Director { # define myself Name = <%= hostname $>-dir QueryFile = "/etc/bacula/scripts/query.sql" WorkingDirectory = "/var/lib/bacula" PidDirectory = "/var/run/bacula" Maximum Concurrent Jobs = 3 Password = "<%= somePasswordFunction =>" # Console password Messages = Daemon }

  Read the article

• Apache ProxyPass/ProxyPassReverse to IIS

  - by Dana

  We have an ASP.NET web application which is mapped to a folder on an apache hosted php site using ProxyPass.ProxyPassReverse. A couple of problems being encountered. cookies are being lost which breaks the site navigation, this can be overcome by setting the asp app as cookieless. Forms authentication is used on the ASP site, this is also broken withe the proxypass in place, suspect this is cookie related also. ASP site works ok when run from a domain/ip address. Use of a separate domain / sub-domain is not an option duew to client requirements.

  Read the article

• Cannot access folder locally, but can remotely

  - by Cylindric

  I'm having a peculiar problem on one of my servers at the moment, which seems to be related to authentication in some way, but I have no idea how to find the root of the problem. I have a folder on the server D:\Somefolder\Logs. If I am connected to the server via an RDP terminal, so essentially "local", I cannot access that folder - I get an access denied. If I am connecting from my machine to it using the share \server\d$\Somefolder\Logs, I can access it. I'm logging in to both machines as the same user. Permissions on the folder seem quite simple, CREATOR OWNER, SYSTEM and Administrators. I am a Domain Admin, and they are in the local "Administrators" group. It is also affecting things like access to SQL Server, so I don't think it's a simple folder-permissions thing. For example, I cannot connect SQL Management Studio to all the local SQL instances using a domain account, but I can if I connect remotely to it.

  Read the article

• iptables, allow access from certain MAC addresses

  - by user788171

  Presently, I limit which clients can access my server by using IP addresses via iptables, only approved IP addresses can connect. However, the problem with this is if a client is on a laptop and goes to a different location, they can no longer connect because the IP has changed. For a variety of reasons, iptables authentication is the only option I have. Is there a way to restrict access by device instead of ip address. For instance, only allow certain MAC address to connect to port 5000. Is it possible to do this via iptables? Note, the computers are not on the same network, they could be connecting from anywhere in the world.

  Read the article

• Is there a Google Authenticator desktop client?

  - by cwd

  I am using Google Authenticator for 2-step authentication. I like how I can use a code and verify my account using my phone: I realize that the app was designed to run on a device other than a computer to increase security for the computer (in case that it is lost or stolen), but I would like to know if there is a way I can run Google Authenticator on my Macbook. Now, per the Google Authenticator Page it will not run on a desktop: What devices does Google Authenticator work on? Android version 2.1 or later BlackBerry OS 4.5 - 6.0 iPhone iOS 3.1.3 or later However there are several emulators for developers and so I wonder if it is possible to run one of these emulators and then run Google Authenticator with that. I do realize this is not a best practice - but I'm less worried about my laptop getting stolen and more worried about someone just hacking the account. So my question is this: Is it possible to run it on the desktop, even though it is not meant to be / not recommended?

  Read the article

• Any cloud storage service that lets us to authenticate the file when we serve the file to our visito

  - by TORr0t

  Lets say, i want to restrict a file to my visitors. I mean , i have an xx.avi file to be streamed/downloaded, and the visitor paid me for the bandwidth and the size of the file. In amazon s3, i cant control the file at all .(there is a very basic control thing which is not ok for me) Only way is my server can proxy the file, like it fetches the file from amazon s3 storagenode and send it to the owner with authentication approval by a php script. But this way i would double up the bandwidth usage and again there would be latency problem since my server needs to get the file from amazon s3. So i was wondering if there is a better solution or any cloud storage service that lets us to control the file restriction to my visitors. Thanks

  Read the article

• Sharepoint asks for NTLM credentials for every unique URL. How do I stop it?

  - by CamronBute

  I'm tasked with troubleshooting a problem we're having with a SP2010 site. The app is external, and there are several clients that must connect. Some clients are receiving a crazy amount of credential requests when trying to log on. It appears to ask for every unique URL (eg. every different picture, link, etc) and it won't stop. Other clients are having no problems. I cannot seem to replicate the issue, either. I'm attempting to replicate by restricting all settings (including cookies) on my own browser, but to no avail. I put the HTTP request under a microscope, and it's asking for NTLM credentials. The client is using IE8, and the browser is running in Protected Mode, but the browser settings cannot be determined... I'm guessing this is a webserver thing, simply because it appears to be an authentication thing. What might the problem be?

  Read the article

• Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

  - by Eric

  I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server. I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access. I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both. Is this possible? If so, how?

  Read the article

• Single Sign on for RDS

  - by stumct

  I currently have an RDS farm which is used for running remote apps for a large group of users. When logging in these users must authenticate to the RDS web page to view their list of applications. Then they authenticate again upon clicking the application the require. How can I enable this to use the users current windows authentication so they do not have to log in at each step. Ideally since the user is logged in to their local machine with their windows account, they should not need to continuously authenticate.

  Read the article

• How do I make the PolicyKit authentication agent window not dissapear when I enter faulty password in Ubuntu 12.04?

  - by Petar

  As far as I remember in previous versions of Ubuntu, whenever authentication was required and when the PolicyKit authentication agent window was presented, it stayed there even after I would enter a faulty password. But now, whenever I make a mistake, the window is closed immediately. I find this behaviour irritating. For instance I use Synaptic rather frequently, and I prefer to start it using Synapse. I press Ctrl+Space to invoke Synapse, then I enter "syn" (s-shows SMplayer, sy- shows System Monitor) and than I press Enter so that Synaptic is invoked. Then I'm presented with the PolicyKit authentication agent window. As my password is rather complicated - using special characters and big letters, it's easy to make a mistake. If I do make a mistake while typing my password, I'm forced to redo all the previous steps. It's annoying as hell, knowing that this is not the way the PolicyKit authentication agent window behaved before. It used to warn me that the password was not correct and than wait for the correct input. I'm not sure if it allowed trying for the correct password indefinitely, or it was limited to 3 retries which is a much saner behaviour than the current one. I'm using Gnome 3, but the same thing happens in Unity too, although the window looks different.

  Read the article

• 407 Proxy Authentication Required

  - by Hemant Kothiyal

  I am working on a website, in which I am retrieving XML data from an external URL, using the following code WebRequest req = WebRequest.Create("External server url"); req.Proxy = new System.Net.WebProxy("proxyUrl:8080", true); req.Proxy.Credentials = CredentialCache.DefaultCredentials; WebResponse resp = req.GetResponse(); StreamReader textReader = new StreamReader(resp.GetResponseStream()); XmlTextReader xmlReader = new XmlTextReader(textReader); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(xmlReader); This code is working fine on my development PC (Windows XP with .Net 3.5) But when I deploy this code to IIS (Both at Windows XP and at Windows Server 2003) it's giving me following error "The remote server returned an error: (407) Proxy Authentication Required." Sometimes it gives me "The remote server returned an error: (502) Bad Gateway." Following code is from my web.config <system.net> <defaultProxy> <proxy usesystemdefault="False" proxyaddress ="http://172.16.12.12:8080" bypassonlocal ="True" /> </defaultProxy> </system.net> Please help me ? [Edit] Even when i run the website for devlopment PC but through IIS it gives me error "The remote server returned an error: (407) Proxy Authentication Required." But when i run website from Microsoft Devlopment server, it is running fine

  Read the article

• How to connect to a queue manager with ssl enabled server connection channel when authentication is

  - by Dr. Xray

  I am trying to write a java application connecting to server connection channel with SSL enabled. So far, I have been successfully connected to the channel by setting authentication to 'optional'. However, when I set it to be 'required', the connection fails. Here is what I did: Create key db for queue manager and keystore for the java client user. Create key/self-signed certificates for the queue manager and the client user, with names prefixed ibmwebspheremq. Export, exchange and import certificates for the queue manager and the client. (I did answered 'yes' when being asked whether I trust the queue manager cert). The location and password to the truststore and keystore are set to point to the same keystore at the client side, where the orgininal created client user key and the imported queue manager key are. With other settings being the same, if I switch back to 'optional' authentication, the connection works. I think there is something I understand incorrectly about this ssl authenticaion but cannot figure out what. Could someone kindly help me?

  Read the article

• Question about MySQLdb, OS X 10.5, and authentication

  - by timpone

  I'm a noob at Python and have been having problems with MySQLdb and OS X Leopard 10.5. I have a php app that is doing db access just fine with pdo but also want to access with Python. When I use the same credentials with MySQLdb as php, I get the following error: File "build/bdist.macosx-10.5-i386/egg/MySQLdb/connections.py", line 188, in __init__ _mysql_exceptions.OperationalError: (1045, "Access denied for user 'arc_db'@'localhost' (using password: YES)") The authentication piece works fine on my ubuntu server (installed via apt-get) implying that it is something specific to my OS X MySQLdb install. Looking at some postings, I thought it would be my local build of MySQLdb which seems to be problematic with OS X. But I am able to import fine: Python 2.5.1 (r251:54863, Feb 6 2009, 19:02:12) [GCC 4.0.1 (Apple Inc. build 5465)] on darwin Type "help", "copyright", "credits" or "license" for more information. >>> import MySQLdb >>> Also, wanting to create a positive, I am able to access and return results from a database tilted test_something (which presumably bypasses the MySQL's authtentication - not sure exactly how though). Trying to figure out a little more what is going on, I turn on logging for mysql and get the following (added my own comments): 100609 19:09:45 3 Connect Access denied for user 'arc_db'@'localhost' (using password: YES) //not worked 100609 19:10:02 4 Connect arc_db@localhost on arc_development //did work I'm not really sure what the 3 or 4 means but presumably a sucess or failue. So, I guess what would be the next step? Am I doing some obvious stupid python mistake (very likely)? Is there a better way for me to prove that this should / can be working? Is there any way to determine what MySQLdb is sending exactly in its authentication message to MySQL? thanks

  Read the article

• Authentication Error 401.2

  - by priya2010

  I have an application buit partially in classic asp and in c#. The authentication used as per the config file is windows. This is perfectly working. Now I have to authenticate the users against active directory. (ie. if any AD users requesting my application, it should authenticate the user (on login page load) and redirect to the application home page instead of showing login page) The login page is an asp page and I created an aspx page where the login.asp page will be redirected during page load to autheticate with Active Directory. I hav e disabled anonymous access in IIS and currently used only Integrated Windows Authentication. Also given permission to "Authenticated Users" in Permissions. While trying to access the login.asp page I am getting the following error. You do not have permission to view this directory or page using the credentials that you supplied because your Web browser is sending a WWW-Authenticate header field that the Web server is not configured to accept. Please try the following: Contact the Web site administrator if you believe you should be able to view this directory or page. Click the Refresh button to try again with different credentials. HTTP Error 401.2 - Unauthorized: Access is denied due to server configuration. Internet Information Services (IIS) Kindly help me to fix this issue. Thanks, Priya

  Read the article

• CURL - Problem with Authentication

  - by danit

  I need to add authentication to this function: function multiRequest($data, $options = array()) { // array of curl handles $curly = array(); // data to be returned $result = array(); // multi handle $mh = curl_multi_init(); // loop through $data and create curl handles // then add them to the multi-handle foreach ($data as $id => $d) { $curly[$id] = curl_init(); $url = (is_array($d) && !empty($d['url'])) ? $d['url'] : $d; curl_setopt($curly[$id], CURLOPT_URL, $url); curl_setopt($curly[$id], CURLOPT_HEADER, 0); curl_setopt($curly[$id], CURLOPT_RETURNTRANSFER, 1); // post? if (is_array($d)) { if (!empty($d['post'])) { curl_setopt($curly[$id], CURLOPT_POST, 1); curl_setopt($curly[$id], CURLOPT_POSTFIELDS, $d['post']); } } // extra options? if (!empty($options)) { curl_setopt_array($curly[$id], $options); } curl_multi_add_handle($mh, $curly[$id]); } // execute the handles $running = null; do { curl_multi_exec($mh, $running); } while($running > 0); // get content and remove handles foreach($curly as $id => $c) { $result[$id] = curl_multi_getcontent($c); curl_multi_remove_handle($mh, $c); } // all done curl_multi_close($mh); return $result; } I'm looking to add authentication to this function, something along these lines? curl_setopt($curly[$id], CURLOPT_USERPWD, "$username:$password"); Anyone help?

  Read the article

• TFS and Forms Authentication

  - by George

  I don't know squat about TFS, other than as a user who has performed simple check in/outs. I just installed it locally and would like to do joint development with a friend. I was having trouble making my TFS web site on port 8080 visible (the whole scoop is here if your interested) and I wonder if it could be related to the fact that TFS is probably using Windows Authentication to identify the user. Can TFS be set up to use forms authentication? We probably need to set up a VPN, though that's a learning curve too. To use TFS, do our machines have to belong to a domain? We're not admin types, though he is better than me, though I would be interested in any feedback or advice on which path is likely to pan out the best. I already got AxoSoft OneTime working in this type of an environment and it suits us well, but I am tempted at all the bells & whistles with TFS and the ability to tie tracked bug items to code changes. As far as finding a good way to share code, do sites like SourceForge allow one to keep code secure among members only?

  Read the article

• Kerberos and/or other authentication systems - One time logon for all PHP scripts

  - by devviedev

  I'm managing a set of web apps, almost exclusively written in PHP, and would like to find an authentication platform to build a role-based authorization system on top of. Also, I'd like the authentication system to be extensible to use for, for example, system services (SSH, etc.) Here are some of the main characteristics I'm looking for, in order of importance: Easy PHP implementation (storing/reading easily roles, etc.). Redundant, if possible. If an auth system goes down everyone is not locked out. Has clients for Windows and Mac. Easy web-based administration (adding/removing users/roles, changing passwords). If not, I can build an administration system without too much effort. One-time log on. I'd also like, when an auth token is issued, to store the user's IP address and use that to authorize the user for some non web-based applications. For that reason, I'd like a desktop client to issue the token and revoke tokens when, for example, the user becomes idle at their workstation. I'm thinking Kerberos might be a solution, but what are other options?

  Read the article

• How to make Facebook Authentication from Silverlight secure?

  - by SondreB

  I have the following scenario I want to complete: Website running some HTTP(S) services that returns data for a user. Same website is additionally hosting a Silverlight 4 app which calls these services. The Silverlight app is integrating with Facebook using the Facebook Developer Toolkit (http://facebooktoolkit.codeplex.com/). I have not fully decided whether I want Facebook-integration to be a "opt-in" option such as Spotify, or if I want to "lock" down my service with Facebook-only authentication. That's another discussion. How do I protect my API Key and Secret that I receive from Facebook in a Silverlight app? To me it's obvious that this is impossible as the code is running on the client, but is there a way I can make it harder or should I just live with the fact that third parties could potentially "act" as my own app? Using the Facebook Developer Toolkit, there is a following C# method in Silverlight that is executed from the JavaScript when the user has fully authenticated with Facebook using the Facebook Connect APIs. [ScriptableMember] public void LoggedIn(string sessionKey, string secret, int expires, long userId) { this.SessionKey = sessionKey; this.UserId = userId; Obvious the problem here is the fact that JavaScript is injection the userId, which is nothing but a simple number. This means anyone could potentially inject a different userId in JavaScript and have my app think it's someone else. This means someone could hijack the data within the services running on my website. The alternative that comes to mind is authenticating the users on my website, this way I'm never exposing any secrets and I can return an auth-cookie to the users after the initial authentication. Though this scenario doesn't work very well in an out-of-browser scenario where the user is running the Silverlight app locally and not from my website.

  Read the article

• .NET 4.0 Forms Authentication change?

  - by James Koch

  I'm seeing some new behavior in Forms Authentication after upgrading to .NET 4.0. This occurs only on IIS 6, not on 7. Background - In web.config, we configure Forms Authentication, and then use <authorization tags to globally deny anonymous/unauthenticated users access. Then we explicitly allow access to a login.aspx page using a <location tag. Generally, this works fine, as it did when we were on .NET 2.0 (3.5). The issue only occurs when we visit the root path of the site, ie "http://myserver/". Our default document is configured in IIS to be login.aspx. Under .NET 4.0, upon visiting that URL, we're redirected to "http://myserver/login.aspx?ReturnUrl=/". If you log in from here, you're logged in and returned back at the log in page (yuck). Just wanted to post this here to see if anyone else is experiencing this. It's not listed on any "breaking changes" documentation I've been able to find. Either I'm missing something, or the UrlAuthorization module has changed and is no longer "smart" about IIS default documents.

  Read the article

< Previous Page | 45 46 47 48 49 50 51 52 53 54 55 56  | Next Page >