Search Results

Search found 11421 results on 457 pages for 'forms authentication'.

Page 71/457 | < Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >

• Single sign-on for SharePoint to MySite?

  - by Chris W

  I've got a fairly simple SharePoint 2010 farm set up: 2 WFE servers with Network Load Balancing hosting the main portal site. As per Microsoft's best practice recommendations I've set up My Sites in a separate web application. As some of the user base are not using domain joined PCs they have to login once for the portal (http://portal) and then again when the access My Sites since they're crossing in to a separate web application on a separate host (http://mysite). Portal & MySite are both hosted on the same physical WFE servers. Is there an easy way to set up some thing to stop this happening and just have them login once? I understand that there's plans for us to deploy ISA in the not too distant future - could we use ISA to manage authentication to the two sites so that the users only need to log in once?

  Read the article

• CentOS PAM+LDAP login and host attribute

  - by pianisteg

  My system is CentOS 6.3, openldap is configured well, PAM authorization works fine. But after turning pam_check_host_attr to yes, all LDAP-auths fail with message "Access denied for this host". hostname on the server returns correct value, the same value is listed in user's profile. "pam_check_host_attr no" works fine and allows everyone with correct uid/password a piece of /var/log/secure: Sep 26 05:33:01 ldap sshd[1588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=my-host user=my-username Sep 26 05:33:01 ldap sshd[1588]: Failed password for my-username from 77.AA.BB.CC port 58528 ssh2 Sep 26 05:33:01 ldap sshd[1589]: fatal: Access denied for user my-username by PAM account configuration Another two servers (CentOS 5.7 Debian) authorizes on this LDAP server correctly. Even with pam_check_host_attr yes! I didn't edit /etc/security/access.conf, it is empty, only default comments. I don't know what to do! How to fix this?

  Read the article

• Developer Laptop with SQL Server 2008 can't login to SSIS when offsite

  - by wizlb

  When I bring my Windows XP (SP3) laptop home I can still login as my domain account because Windows caches the info necessary to authenticate me when the domain controller isn't around. However, when I try to connect to Integration Services from within SQL Server Management Studio, it generates SSPI context errors. The only way it works is if I connect to the office with VPN or if I'm at the office where the domain controller is. I have both SQL Server Agent and SQL Server Integration Services 10 running under local computer accounts. It seems that the only option to connect to Integration Services from within Management Studio is to use Window authentication. Is there any way to do this when I'm not connected to the office? Why don't these services use the cached info just like Windows Login? Thanks.

  Read the article

• Tell git which private key to use

  - by jrdioko

  ssh has the -i option to tell it which private key file to use when authenticating: -i identity_file Selects a file from which the identity (private key) for RSA or DSA authentication is read. The default is ~/.ssh/identity for protocol ver- sion 1, and ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2. Iden- tity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). Is there a similar way to tell git which private key file to use when on a system with multiple private keys in the .ssh directory?

  Read the article

• Good Shibboleth tutorials our there?

  - by fgysin

  I am looking into using Shibboleth for authentication of webapplications at my organisation. I am very new to this subject and would like to read through some good tutorials, hands-on-lessons or whatever is out there to help newbies getting to know Shibboleth. But so far I have not been able to find any tutorials that contain specific examples for each steps. I would like to get a running setup up somehow so I will be able to play around with it... What I have found up to now: Official Documentation for Shibboleth 2 -- https://spaces.internet2.edu/display/SHIB2/Installation I would appreciate any hints you can give me about additional information to Shibboleth.

  Read the article

• Implementing a form of port knocking + Phone Factor = 2 Factor auth for RDP?

  - by jshin47

  I have been looking into how to secure a publicly-available RDP endpoint and want to implement our two-factor authentication RADIUS server, PhoneFactor. I would like to implement the following process: User opens up web app in browser In web app, user enters username + password, initiates RADIUS auth Phone factor calls user to complete auth Once user is authenticated, port 3389 is opened on user's IP on pfSense firewall. After some amount of time, firewall rule is removed for that IP I would like to know the following: Is this a typical setup? If it is a bad idea, please explain why. If it is possible, are there any packages that assist with this? Specifically, the third step, where the appropriate firewall rule would need to be added... Edit: I am aware of TS Web Gateway, but I want the users to be able to use the traditional RDP client...

  Read the article

• How to send connection type (SSH|Telnet) info in Radius Access Requests on Cisco router?

  - by Gianni Costanzi

  I've configured the following on a cisco router: aaa authentication login default group radius local ! radius-server host x.x.x.x auth-port 1012 acct-port 1013 radius-server host y.y.y.y auth-port 1012 acct-port 1013 radius-server retransmit 1 radius-server timeout 3 radius-server key 7 xxxxxxxxx I'd like to be able to specify some radius options in order to add information about the type of connection for which a user is being authenticated, i.e. I'd like the radius server to receive in the Cisco Router's Radius Access Request information about the connection being SSH or Telnet.. I'd like to find something that automatically adds this info in the access request, without specific configurations on VTY lines dedicated to SSH and to Telnet. Any idea about that?

  Read the article

• Subversion LDAP Configuration

  - by dbyrne

  I am configuring a subversion repository to use basic LDAP authentication. I have an entry in my http.conf file that looks like this: <Location /company/some/location> DAV svn SVNPath /repository/some/location AuthType Basic AuthName LDAP AuthBasicProvider ldap Require valid-user AuthLDAPBindDN "cn=SubversionAdmin,ou=admins,o=company.com" AuthLDAPBindPassword "XXXXXXX" AuthLDAPURL "ldap://company.com/ou=people,o=company.com?personid" </Location> This works fine for living, breathing people who need to log in. However, I also need to provide application accounts access to the repository. These accounts are in a different OU. Do I need to add a whole new <location> element, or can I add a second AuthLDAPURLto the existing entry?

  Read the article

• Picking up a lot of failed authentications for various accounts

  - by Josh K

  My server is getting a lot of various failed authentication attempts for various accounts. The most common one (that I've seen ) or the root account. I have since enabled Fail2Ban and ran several rootkit / malware checks to ensure I wasn't compromised. Is there anything else I should do? I only have three accounts enabled, and SSH access for only two. I have a full 48hr ban on anyone making more then six failed SSH login attempts. I do not have FTP enabled.

  Read the article

• Hiding a HTTP Auth-Realm by sending 404 to non-known IPs?

  - by zhenech

  I have an Apache (2.2) serving a web-app on example.com. That web-app has a debug-page reachable via example.com/debug. /debug is currently protected with a HTTP basic auth. As there is only a very small user-base who has access to the debug-page, I would like to hide it based on IP address and return 404 to clients not accessing from our VPN. Serving a 404 based on IP-address only is easy and is described in http://serverfault.com/a/13071. But as soon I add authentication, the users see a 401 instead of a 404. Basically, what I need is: if ($REMOTE_ADDR ~ 10.11.12.*): do_basic_auth (aka return 401) else: return 404

  Read the article

• Unable to set NTFS permissions for ApplicationPoolIdentity on Windows 2008 SP2

  - by Kev

  On Windows 2008 R2 I am able to set NTFS permissions for an application pool's synthesised ApplicationPoolIdentity account thus: ICACLS d:\websites\site1\www /grant "IIS AppPool\site1":(CI)(OI)(M) The website's application pool is named site1 and is configured to run as ApplicationPoolIdentity. The site's authentication is also configured to authenticate as ApplicationPoolIdentity. I've done this a thousand times on Windows 2008 Standard Edition R2 with never a hitch. However if I try to do the same in Windows 2008 Standard Edition SP2 I get the error: IIS AppPool\site1: No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files I also notice that this fails if I try to set permissions for the application pool identity via the security GUI as well. I've seen this before and a reboot has cleared this issue but I'd like to know why this happens periodically. Googling around suggests other folks have hit this problem but there's never a satisfactory explanation. Why would this be?

  Read the article

• Chrome - Why am I automatically authenticated to a web app even after clearing browser cookies?

  - by Howiecamp

  I am accessing a web application using Chrome. If I sign out of the app and clear all Chrome history/cookies/etc (even Flash cookies which are now handled by Chrome in the same Clear History area) and then re-access the site, I am automatically logged in without being prompted for credentials. I then launched Chrome in Incognito mode and was able to reproduce the same behavior. However, the I was prompted upon the first logon while in Incognito mode. The web application behaves as expected in Internet Explorer 10. Some info about the application: It's a Sharepoint site using NTLM authentication The credentials are Active Directory-based, as the username is domain\username My connection is over the Internet and there is no AD relationship between my local Windows account, my Windows PC. In other words I (meaning my locally logged on user and my PC) are not in any way part of their AD domain. The site is running SSL on port 443 Why might Chrome be automatically authenticating me?

  Read the article

• How to control remote access to Sonicwall VPN beyond passwords?

  - by pghcpa

  I have a SonicWall TZ-210. I want an extremely easy way to limit external remote access to the VPN beyond just username and password, but I do not wish to buy/deploy a OTP appliance because that is overkill for my situation. I also do not want to use IPSec because my remote users are roaming. I want the user to be in physical possession of something, whether that is a pre-configured client with an encrypted key or a certificate .cer/.pfx of some sort. SonicWall used to offer "Certificate Services" for authentication, but apparently discontinued that a long time ago. So, what is everyone using in its place? Beyond the "Fortune 500" expensive solution, how do I limit access to the VPN to only those users who have possession of a certificate file or some other file or something beyond passwords? Thanks.

  Read the article

• How to set up custom 401 error page or redirect in WSS3 SP2

  - by Stacy Vicknair

  I've got a WSS3 sharepoint site that requires windows authentication both in IIS and via the Sharepoint site. What I would like to do is in the case that a user does not provide valid AD credentials they are redirected to a custom error page. Currently, if the user immediately hits cancel when prompthey will see a plain text response of "401 UNAUTHORIZED". If they make an attempt and then hit cancel they instead see a blank page. I have looked into several options such as customErrors, httpModule interception (only saw examples for this after the user is authenticated), IIS Url rewrites (didn't see how this could help). Is there a good way to do this?

  Read the article

• Managing service passwords with Puppet

  - by Jeff Ferland

  I'm setting up my Bacula configuration in Puppet. One thing I want to do is ensure that each password field is different. My current thought is to hash the hostname with a secret value that would ensure each file daemon has a unique password and that password can be written to both the director configuration and the file server. I definitely don't want to use one universal password as that would permit anybody who might compromise one machine to get access to any machine through Bacula. Is there another way to do this other than using a hash function to generate the passwords? Clarification: This is NOT about user accounts for services. This is about the authentication tokens (to use another term) in the client / server files. Example snippet: Director { # define myself Name = <%= hostname $>-dir QueryFile = "/etc/bacula/scripts/query.sql" WorkingDirectory = "/var/lib/bacula" PidDirectory = "/var/run/bacula" Maximum Concurrent Jobs = 3 Password = "<%= somePasswordFunction =>" # Console password Messages = Daemon }

  Read the article

• Cannot access folder locally, but can remotely

  - by Cylindric

  I'm having a peculiar problem on one of my servers at the moment, which seems to be related to authentication in some way, but I have no idea how to find the root of the problem. I have a folder on the server D:\Somefolder\Logs. If I am connected to the server via an RDP terminal, so essentially "local", I cannot access that folder - I get an access denied. If I am connecting from my machine to it using the share \server\d$\Somefolder\Logs, I can access it. I'm logging in to both machines as the same user. Permissions on the folder seem quite simple, CREATOR OWNER, SYSTEM and Administrators. I am a Domain Admin, and they are in the local "Administrators" group. It is also affecting things like access to SQL Server, so I don't think it's a simple folder-permissions thing. For example, I cannot connect SQL Management Studio to all the local SQL instances using a domain account, but I can if I connect remotely to it.

  Read the article

• iptables, allow access from certain MAC addresses

  - by user788171

  Presently, I limit which clients can access my server by using IP addresses via iptables, only approved IP addresses can connect. However, the problem with this is if a client is on a laptop and goes to a different location, they can no longer connect because the IP has changed. For a variety of reasons, iptables authentication is the only option I have. Is there a way to restrict access by device instead of ip address. For instance, only allow certain MAC address to connect to port 5000. Is it possible to do this via iptables? Note, the computers are not on the same network, they could be connecting from anywhere in the world.

  Read the article

• Is there a Google Authenticator desktop client?

  - by cwd

  I am using Google Authenticator for 2-step authentication. I like how I can use a code and verify my account using my phone: I realize that the app was designed to run on a device other than a computer to increase security for the computer (in case that it is lost or stolen), but I would like to know if there is a way I can run Google Authenticator on my Macbook. Now, per the Google Authenticator Page it will not run on a desktop: What devices does Google Authenticator work on? Android version 2.1 or later BlackBerry OS 4.5 - 6.0 iPhone iOS 3.1.3 or later However there are several emulators for developers and so I wonder if it is possible to run one of these emulators and then run Google Authenticator with that. I do realize this is not a best practice - but I'm less worried about my laptop getting stolen and more worried about someone just hacking the account. So my question is this: Is it possible to run it on the desktop, even though it is not meant to be / not recommended?

  Read the article

• Any cloud storage service that lets us to authenticate the file when we serve the file to our visito

  - by TORr0t

  Lets say, i want to restrict a file to my visitors. I mean , i have an xx.avi file to be streamed/downloaded, and the visitor paid me for the bandwidth and the size of the file. In amazon s3, i cant control the file at all .(there is a very basic control thing which is not ok for me) Only way is my server can proxy the file, like it fetches the file from amazon s3 storagenode and send it to the owner with authentication approval by a php script. But this way i would double up the bandwidth usage and again there would be latency problem since my server needs to get the file from amazon s3. So i was wondering if there is a better solution or any cloud storage service that lets us to control the file restriction to my visitors. Thanks

  Read the article

• Sharepoint asks for NTLM credentials for every unique URL. How do I stop it?

  - by CamronBute

  I'm tasked with troubleshooting a problem we're having with a SP2010 site. The app is external, and there are several clients that must connect. Some clients are receiving a crazy amount of credential requests when trying to log on. It appears to ask for every unique URL (eg. every different picture, link, etc) and it won't stop. Other clients are having no problems. I cannot seem to replicate the issue, either. I'm attempting to replicate by restricting all settings (including cookies) on my own browser, but to no avail. I put the HTTP request under a microscope, and it's asking for NTLM credentials. The client is using IE8, and the browser is running in Protected Mode, but the browser settings cannot be determined... I'm guessing this is a webserver thing, simply because it appears to be an authentication thing. What might the problem be?

  Read the article

• Possible? OpenVPN server requiring both certificate- AND password-based login (via Tomato router firmware)

  - by Eric

  I've been using Shibby's build of Tomato (64k NVRAM version) on my Asus N66U router in order to run an OpenVPN server. I'm curious whether it's possible to setup this OpenVPN server to require both a certificate AND a username/password before a user is allowed access. I noticed there's a "challenge password" entry when filling out the certificate details, but everyone says to leave it blank "or else"; I have no idea why, and I can't find an explanation. In addition, I've Google'd this issue a bunch and have noticed people talking about a PAM module for OpenVPN in order to authenticate via username/password, but that appeared to be an either/or option; in other words, I can force authentication via username/password OR certificate. I want to require both. Is this possible? If so, how?

  Read the article

• Single Sign on for RDS

  - by stumct

  I currently have an RDS farm which is used for running remote apps for a large group of users. When logging in these users must authenticate to the RDS web page to view their list of applications. Then they authenticate again upon clicking the application the require. How can I enable this to use the users current windows authentication so they do not have to log in at each step. Ideally since the user is logged in to their local machine with their windows account, they should not need to continuously authenticate.

  Read the article

• Odd behavior in Django Form (readonly field/widget)

  - by jamida

  I'm having a problem with a test app I'm writing to verify some Django functionality. The test app is a small "grade book" application that is currently using Alex Gaynor's readonly field functionality http://lazypython.blogspot.com/2008/12/building-read-only-field-in-django.html There are 2 problems which may be related. First, when I flop the comment on these 2 lines below: # myform = GradeForm(data=request.POST, instance=mygrade) myform = GradeROForm(data=request.POST, instance=mygrade) it works like I expect, except of course that the student field is changeable. When the comments are the shown way, the "studentId" field is displayed as a number (not the name, problem 1) and when I hit submit I get an error saying that studentId needs to be a Student instance. I'm at a loss as to how to fix this. I'm not wedded to Alex Gaynor's code. ANY code will work. I'm relatively new to both Python and Django, so the hints I've seen on websites that say "making a read-only field is easy" are still beyond me. // models.py class Student(models.Model): name = models.CharField(max_length=50) parent = models.CharField(max_length=50) def __unicode__(self): return self.name class Grade(models.Model): studentId = models.ForeignKey(Student) finalGrade = models.CharField(max_length=3) # testbed.grades.readonly is alex gaynor's code from testbed.grades.readonly import ReadOnlyField class GradeROForm(ModelForm): studentId = ReadOnlyField() class Meta: model=Grade class GradeForm(ModelForm): class Meta: model=Grade // views.py def modifyGrade(request,student): student = Student.objects.get(name=student) mygrade = Grade.objects.get(studentId=student) if request.method == "POST": # myform = GradeForm(data=request.POST, instance=mygrade) myform = GradeROForm(data=request.POST, instance=mygrade) if myform.is_valid(): grade = myform.save() info = "successfully updated %s" % grade.studentId else: # myform=GradeForm(instance=mygrade) myform=GradeROForm(instance=mygrade) return render_to_response('grades/modifyGrade.html',locals()) // template <p>{{ info }}</p> <form method="POST" action=""> <table> {{ myform.as_table }} </table> <input type="submit" value="Submit"> </form> // Alex Gaynor's code from django import forms from django.utils.html import escape from django.utils.safestring import mark_safe from django.forms.util import flatatt class ReadOnlyWidget(forms.Widget): def render(self, name, value, attrs): final_attrs = self.build_attrs(attrs, name=name) if hasattr(self, 'initial'): value = self.initial return mark_safe("<span %s>%s</span>" % (flatatt(final_attrs), escape(value) or '')) def _has_changed(self, initial, data): return False class ReadOnlyField(forms.FileField): widget = ReadOnlyWidget def __init__(self, widget=None, label=None, initial=None, help_text=None): forms.Field.__init__(self, label=label, initial=initial, help_text=help_text, widget=widget) def clean(self, value, initial): self.widget.initial = initial return initial

  Read the article

• How do I make the PolicyKit authentication agent window not dissapear when I enter faulty password in Ubuntu 12.04?

  - by Petar

  As far as I remember in previous versions of Ubuntu, whenever authentication was required and when the PolicyKit authentication agent window was presented, it stayed there even after I would enter a faulty password. But now, whenever I make a mistake, the window is closed immediately. I find this behaviour irritating. For instance I use Synaptic rather frequently, and I prefer to start it using Synapse. I press Ctrl+Space to invoke Synapse, then I enter "syn" (s-shows SMplayer, sy- shows System Monitor) and than I press Enter so that Synaptic is invoked. Then I'm presented with the PolicyKit authentication agent window. As my password is rather complicated - using special characters and big letters, it's easy to make a mistake. If I do make a mistake while typing my password, I'm forced to redo all the previous steps. It's annoying as hell, knowing that this is not the way the PolicyKit authentication agent window behaved before. It used to warn me that the password was not correct and than wait for the correct input. I'm not sure if it allowed trying for the correct password indefinitely, or it was limited to 3 retries which is a much saner behaviour than the current one. I'm using Gnome 3, but the same thing happens in Unity too, although the window looks different.

  Read the article

• 407 Proxy Authentication Required

  - by Hemant Kothiyal

  I am working on a website, in which I am retrieving XML data from an external URL, using the following code WebRequest req = WebRequest.Create("External server url"); req.Proxy = new System.Net.WebProxy("proxyUrl:8080", true); req.Proxy.Credentials = CredentialCache.DefaultCredentials; WebResponse resp = req.GetResponse(); StreamReader textReader = new StreamReader(resp.GetResponseStream()); XmlTextReader xmlReader = new XmlTextReader(textReader); XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(xmlReader); This code is working fine on my development PC (Windows XP with .Net 3.5) But when I deploy this code to IIS (Both at Windows XP and at Windows Server 2003) it's giving me following error "The remote server returned an error: (407) Proxy Authentication Required." Sometimes it gives me "The remote server returned an error: (502) Bad Gateway." Following code is from my web.config <system.net> <defaultProxy> <proxy usesystemdefault="False" proxyaddress ="http://172.16.12.12:8080" bypassonlocal ="True" /> </defaultProxy> </system.net> Please help me ? [Edit] Even when i run the website for devlopment PC but through IIS it gives me error "The remote server returned an error: (407) Proxy Authentication Required." But when i run website from Microsoft Devlopment server, it is running fine

  Read the article

< Previous Page | 67 68 69 70 71 72 73 74 75 76 77 78  | Next Page >