Search Results

Search found 2054 results on 83 pages for 'ion auth'.

Page 9/83 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • Advice on simple efficient way to store web form data when no db/auth required

    - by ted776
    Hi, I have a situation where I need to provide an efficient way to process and store comments submitted via a web form. I would normally use PHP and either MySQL or XML to store the data, but this is slightly different in that this web form will only be temporarily available in a closed LAN environment, and all i need to do is process the form data and store it a format which can be accessed by another application on the LAN (Adobe Director). Each request made by the Director app should pop the stack of data. I'm wondering how best to store the data for this type of situation as it's not something I would normally do. I'm thinking possibly storing the data in an XML file, but any advice would be great!

    Read the article

  • Apache basic auth, mod_authn_dbd and password salt

    - by Cristian Vrabie
    Using Apache mod_auth_basic and mod_authn_dbd you can authenticate a user by looking up that user's password in the database. I see that working if the password is held in clear, but what if we use a random string as a salt (also stored in the database) then store the hash of the concatenation? mod_authn_dbd requires you to specify a query to select that password not to decide if the user is authenticated of not. So you cannot use that query to concatenate the user provided password with the salt then compare with the stored hash. AuthDBDUserRealmQuery "SELECT password FROM authn WHERE user = %s AND realm = %s" Is there a way to make this work?

    Read the article

  • Web framework recommendation for python (webservices, auth, cache, ...)

    - by illuminated
    Hi all, Googling for the past week, but cannot finally decide which python web framework would be right for me. The web app I'm about to develop would be almost completely "pure" html with js (jQuery). Server side would have to do the following: authentication session management caching web services (almost all the on page data would be pulled with jQuery through web services) secured web services (through some form of authentication; this is for remote accessing some of the web services though other web apps, desktop/mobile applications) If there is a good tutorial/guide/idea for how to do this in Django I would be most thankfull if someone could share it as I already have experience with it. The thing that made me start thinking about other frameworks is Django's built in ORM. I know I could swap it with SQLAlchemy, but wouldn't go down that road if I'm not sure all the rest of the requirements is supported. Thanks all in advance.

    Read the article

  • Forms Auth requireSSl and Https

    - by zsharp
    If my login pages are https, does it matter if "requireSSl" is true in the forms tab of the web config? Currently I am redirecting pages with IIS to HTTPS. When I set requiressl it seems to cause problems. Can someone put the two settings in perspective. thanks

    Read the article

  • IIS to SQL Server kerberos auth issues

    - by crosan
    We have a 3rd party product that allows some of our users to manipulate data in a database (on what we'll call SvrSQL) via a website on a separate server (SvrWeb). On SvrWeb, we have a specific, non-default website setup for this application so instead of going to http://SvrWeb.company.com to get to the website we use http://application.company.com which resolves to SvrWeb and the host headers resolve to the correct website. There is also a specific application pool set up for this site which uses an Active Directory account identity we'll call "company\SrvWeb_iis". We're setup to allow delegation on this account and to allow it to impersonate another login which we want it to do. (we want this account to pass along the AD credentials of the person signed into the website to SQL Server instead of a service account. We also set up the SPNs for the SrvWeb_iis account via the following command: setspn -A HTTP/SrvWeb.company.com SrvWeb_iis The website pulls up, but the section of the website that makes the call to the database returns the message: Cannot execute database query. Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'. I thought we had the SPN information set up correctly, but when I check the security event log on SrvWeb I see entries of my logging in, but it seems to be using NTLM and not kerberos: Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Any ideas or articles that cover this setup in detail would be extremely appreciated! If it helps, we are using SQL Server 2005, and both the web and SQL servers are Windows 2003.

    Read the article

  • ModelName(django.contrib.auth.models.User) vs ModelName(models.Model)

    - by amr.negm
    I am developing a django project. I created some apps, some of those are related to User model, for instance, I have a feeds app that handles user feeds, and another app that deals with extra user data like age, contacts, and friends. for each of these, I created a table that should be connected to the User model, which I using for storing and authenticating users. I found two ways to deal with this issue. One, is through extending User model to be like this: ModelName(User): friends = models.ManyToMany('self') ..... Two, is through adding a foreign key to the new table like this: ModelName(models.Model): user = models.ForeignKey(User, unique=True) friends = friends = models.ManyToMany('self') ...... I can't decide which to use in which case. in other words, what are the core differences between both?

    Read the article

  • Unrecognized authentication type when doing an Auth to Exchange from Rails

    - by blakeage
    I'm getting this error when trying to authenticate with Exchange Server from Ruby on Rails: 504 5.7.4 Unrecognized authentication type config.action_mailer.raise_delivery_errors = true config.action_mailer.perform_deliveries = true config.action_mailer.delivery_method = :smtp config.action_mailer.smtp_settings = { :address => "x.x.x.x", :port => 25, :user_name => "xxdomain\xxuser", :password => "xxxxxx", :authentication => :login, :enable_starttls_auto => true } I've tried all sorts of combinations of configuration settings, including changing the settings to use "plain" authentication, adding the domain, setting enable_starttls_auto to true, false, and removing it entirely, removing the port. Nothing has worked. Any ideas?

    Read the article

  • integrating facebook auth into my web form app

    - by user169692
    Hi, I would like to allow my users to authorise my app with their fb on registration. All of the examples i see redirect users to the fb canvas page after authorisation, but i only want this to be a step in the registration process. Essentially, i want an icon they can click that would open up a new window where they can login to fb and a simple postback to the registration page where i would detect the login and hide the login button. Any ideas on how I can achieve this using the facebook c# sdk? Thanks and Merry Christmas :)

    Read the article

  • Using Forms authentication with remote auth system?

    - by chobo
    I am working on a website that uses a remote websites database to check for authentication (they are both share some database tables, but are separate website...) Right now I check the username and password against the remote websites account / member table, if there is a match I create a session. Questions: Is this secure? On authenticated pages I just check if a session of a specific type exists.Is it possible for someone to create an empty session or something that could bypass this? Is it possible to use Forms authentication with this setup? Right now if a user is authenticated I just get an object back with the username, email and id.

    Read the article

  • pam_tally2 causing unwanted lockouts with SCOM or Nervecenter

    - by Chris
    We use pam_tally2 in our system-auth config file which works fine for users. With services such as SCOM or Nervecenter it causes lockouts. Same behavior on RHEL5 and RHEL6 This is /etc/pam.d/nervecenter #%PAM-1.0 # Sample NerveCenter/RHEL6 PAM configuration # This PAM registration file avoids use of the deprecated pam_stack.so module. auth include system-auth account required pam_nologin.so account include system-auth and this is /etc/pam.d/system-auth auth sufficient pam_centrifydc.so auth requisite pam_centrifydc.so deny account sufficient pam_centrifydc.so account requisite pam_centrifydc.so deny session required pam_centrifydc.so homedir password sufficient pam_centrifydc.so try_first_pass password requisite pam_centrifydc.so deny auth required pam_tally2.so deny=6 onerr=fail auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password requisite pam_cracklib.so try_first_pass retry=3 minclass=3 minlen=8 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=1 password sufficient pam_unix.so sha512 shadow try_first_pass use_authtok remember=8 password required pam_deny.so session optional pam_keyinit.so revoke session required pam_limits.so session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so The login does work but it also triggers the pam_tally counter up until it hits 6 "false" logins. Is there any pam-ninjas around that could spot the issue? Thanks.

    Read the article

  • How can I enable http auth in lighttpd for all directories except one?

    - by Nuri Hodges
    I am trying to authenticate access to everything in webroot (/) except anything that resides in a particular directory (/directory/) and I've tried both of these options to no avail: $HTTP["url"] =~ "^(?!(/directory))" { auth.require = ( "" => ( "method" => "basic", "realm" => "auth to this area", "require" => "user=username" ) ) } $HTTP["url"] != "/directory" { auth.require = ( "" => ( "method" => "basic", "realm" => "auth to this area", "require" => "user=username" ) ) }

    Read the article

  • Can't make Dovecot communicate with Postfix using SASL (warning: SASL: Connect to private/auth failed: No such file or directory)

    - by Fred Rocha
    Solved. I will leave this as a reference to other people, as I have seen this error reported often enough on line. I had to change the path smtpd_sasl_path = private/auth in my /etc/postfix/main.cf to relative, instead of absolute. This is because in Debian Postfix runs chrooted (and how does this affect the path structure?! Anyone?) -- I am trying to get Dovecot to communicate with Postfix for SMTP support via SASL. the master plan is to be able to host multiple e-mail accounts on my (Debian Lenny 64 bits) server, using virtual users. Whenever I test my current configuration, by running telnet server-IP smtp I get the following error on mail.log warning: SASL: Connect to /var/spool/postfix/private/auth failed: No such file or directory Now, Dovecot is supposed to create the auth socket file, yet it doesn't. I have given the right privileges to the directory private, and even tried creating a auth file manually. The output of postconf -a is cyrus dovecot Am I correct in assuming from this that the package was compiled with SASL support? My dovecot.conf also holds client { path = /var/spool/postfix/private/auth mode = 0660 user = postfix group = postfix } I have tried every solution out there, and am pretty much desperate after a full day of struggling with the issue. Can anybody help me, pretty please?

    Read the article

  • Battery life starts at 2:30 hrs (99%), but less than 1 minute later is only 1:30 hrs (99%)

    - by zondu
    After searching this and other forums, I haven't seen this same issue listed anywhere for Ubuntu 12. Prior to installing Ubuntu 12.10, my Netbook (Acer AspireOne D250, SATA HDD) was consistently getting 2:30-3 hrs battery life under Windows XP Home, SP3. However, immediately after installing Ubuntu 12.10, the battery life starts out at 2:30 hrs (99%), but less than 1 minute later suddenly drops to 1:30 hrs (99%), which seems very odd. It could be a complete coincidence that the battery is suddenly flaky at the exact same moment that Ubuntu 12.10 was installed, but that doesn't seem likely. I'm a newbie to Ubuntu, so I don't have much experience tweaking/trouble-shooting yet. Here's what I've tried so far: enabled laptop mode (sudo su, then echo 5 /proc/sys/vm/laptop_mode) and checked that it is running when the A/C adapter is unplugged, but it doesn't seem to have made any noticeable difference in battery life, installed Jupiter, but it didn't work and messed up the system, so I had to uninstall it, disabled bluetooth (wifi is still on b/c it is necessary), set the screen to lowest brightness, etc., run through at least 1 full power cycle (running until the netbook shut itself off due to critical battery) and have been using it normally (sometimes plugged in, often unplugged until the battery gets very low) for a week since installing Ubuntu 12.10. installed powertop, but have no idea how to interpret its results. Here are the results of acpi -b: w/ A/C adapter: Battery 0: Full, 100% immediately after unplugging: Battery 0: Discharging, 99%, 02:30:20 remaining 1 minute after unplugging: Battery 0: Discharging, 99%, 01:37:49 remaining 2-3 minutes after unplugging: Battery 0: Discharging, 95%, 01:33:01 remaining 10 minutes after unplugging: Battery 0: Discharging, 85%, 01:13:38 remaining Results of cat /sys/class/power_supply/BAT0/uevent: w/ A/C adapter: POWER_SUPPLY_NAME=BAT0 POWER_SUPPLY_STATUS=Full POWER_SUPPLY_PRESENT=1 POWER_SUPPLY_TECHNOLOGY=Li-ion POWER_SUPPLY_CYCLE_COUNT=0 POWER_SUPPLY_VOLTAGE_MIN_DESIGN=10800000 POWER_SUPPLY_VOLTAGE_NOW=12136000 POWER_SUPPLY_CURRENT_NOW=773000 POWER_SUPPLY_CHARGE_FULL_DESIGN=4500000 POWER_SUPPLY_CHARGE_FULL=1956000 POWER_SUPPLY_CHARGE_NOW=1956000 POWER_SUPPLY_MODEL_NAME=UM08B32 POWER_SUPPLY_MANUFACTURER=SANYO POWER_SUPPLY_SERIAL_NUMBER= immediately after unplugging: POWER_SUPPLY_NAME=BAT0 POWER_SUPPLY_STATUS=Discharging POWER_SUPPLY_PRESENT=1 POWER_SUPPLY_TECHNOLOGY=Li-ion POWER_SUPPLY_CYCLE_COUNT=0 POWER_SUPPLY_VOLTAGE_MIN_DESIGN=10800000 POWER_SUPPLY_VOLTAGE_NOW=11886000 POWER_SUPPLY_CURRENT_NOW=773000 POWER_SUPPLY_CHARGE_FULL_DESIGN=4500000 POWER_SUPPLY_CHARGE_FULL=1956000 POWER_SUPPLY_CHARGE_NOW=1937000 POWER_SUPPLY_MODEL_NAME=UM08B32 POWER_SUPPLY_MANUFACTURER=SANYO POWER_SUPPLY_SERIAL_NUMBER= 1 minute later: POWER_SUPPLY_NAME=BAT0 POWER_SUPPLY_STATUS=Discharging POWER_SUPPLY_PRESENT=1 POWER_SUPPLY_TECHNOLOGY=Li-ion POWER_SUPPLY_CYCLE_COUNT=0 POWER_SUPPLY_VOLTAGE_MIN_DESIGN=10800000 POWER_SUPPLY_VOLTAGE_NOW=11728000 POWER_SUPPLY_CURRENT_NOW=1174000 POWER_SUPPLY_CHARGE_FULL_DESIGN=4500000 POWER_SUPPLY_CHARGE_FULL=1956000 POWER_SUPPLY_CHARGE_NOW=1937000 POWER_SUPPLY_MODEL_NAME=UM08B32 POWER_SUPPLY_MANUFACTURER=SANYO POWER_SUPPLY_SERIAL_NUMBER= 2-3 minutes later: POWER_SUPPLY_NAME=BAT0 POWER_SUPPLY_STATUS=Discharging POWER_SUPPLY_PRESENT=1 POWER_SUPPLY_TECHNOLOGY=Li-ion POWER_SUPPLY_CYCLE_COUNT=0 POWER_SUPPLY_VOLTAGE_MIN_DESIGN=10800000 POWER_SUPPLY_VOLTAGE_NOW=11583000 POWER_SUPPLY_CURRENT_NOW=1209000 POWER_SUPPLY_CHARGE_FULL_DESIGN=4500000 POWER_SUPPLY_CHARGE_FULL=1956000 POWER_SUPPLY_CHARGE_NOW=1878000 POWER_SUPPLY_MODEL_NAME=UM08B32 POWER_SUPPLY_MANUFACTURER=SANYO POWER_SUPPLY_SERIAL_NUMBER= 10 minutes later: POWER_SUPPLY_NAME=BAT0 POWER_SUPPLY_STATUS=Discharging POWER_SUPPLY_PRESENT=1 POWER_SUPPLY_TECHNOLOGY=Li-ion POWER_SUPPLY_CYCLE_COUNT=0 POWER_SUPPLY_VOLTAGE_MIN_DESIGN=10800000 POWER_SUPPLY_VOLTAGE_NOW=11230000 POWER_SUPPLY_CURRENT_NOW=1239000 POWER_SUPPLY_CHARGE_FULL_DESIGN=4500000 POWER_SUPPLY_CHARGE_FULL=1956000 POWER_SUPPLY_CHARGE_NOW=1644000 POWER_SUPPLY_MODEL_NAME=UM08B32 POWER_SUPPLY_MANUFACTURER=SANYO POWER_SUPPLY_SERIAL_NUMBER= Results of upower -i /org/freedesktop/UPower/devices/battery_BAT0: w/ A/C adapter: native-path: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:02/PNP0C0A:00/power_supply/BAT0 vendor: SANYO model: UM08B32 power supply: yes updated: Tue Nov 27 15:24:58 2012 (823 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable: yes state: fully-charged energy: 21.1248 Wh energy-empty: 0 Wh energy-full: 21.1248 Wh energy-full-design: 48.6 Wh energy-rate: 8.3484 W voltage: 12.173 V percentage: 100% capacity: 43.4667% technology: lithium-ion immediately after unplugging: native-path: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:02/PNP0C0A:00/power_supply/BAT0 vendor: SANYO model: UM08B32 power supply: yes updated: Tue Nov 27 15:41:25 2012 (1 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable: yes state: discharging energy: 20.9196 Wh energy-empty: 0 Wh energy-full: 21.1248 Wh energy-full-design: 48.6 Wh energy-rate: 8.3484 W voltage: 11.86 V time to empty: 2.5 hours percentage: 99.0286% capacity: 43.4667% technology: lithium-ion History (charge): 1354023683 99.029 discharging 1 minute later: native-path: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:02/PNP0C0A:00/power_supply/BAT0 vendor: SANYO model: UM08B32 power supply: yes updated: Tue Nov 27 15:42:31 2012 (17 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable: yes state: discharging energy: 20.9196 Wh energy-empty: 0 Wh energy-full: 21.1248 Wh energy-full-design: 48.6 Wh energy-rate: 13.5432 W voltage: 11.753 V time to empty: 1.5 hours percentage: 99.0286% capacity: 43.4667% technology: lithium-ion History (charge): 1354023683 99.029 discharging History (rate): 1354023751 13.543 discharging 2-3 minutes later: native-path: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:02/PNP0C0A:00/power_supply/BAT0 vendor: SANYO model: UM08B32 power supply: yes updated: Tue Nov 27 15:45:06 2012 (20 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable: yes state: discharging energy: 20.2824 Wh energy-empty: 0 Wh energy-full: 21.1248 Wh energy-full-design: 48.6 Wh energy-rate: 13.7484 W voltage: 11.545 V time to empty: 1.5 hours percentage: 96.0123% capacity: 43.4667% technology: lithium-ion History (charge): 1354023906 96.012 discharging 1354023844 97.035 discharging History (rate): 1354023906 13.748 discharging 1354023875 12.992 discharging 1354023844 13.284 discharging 10 minutes later: native-path: /sys/devices/LNXSYSTM:00/device:00/PNP0A08:00/device:02/PNP0C0A:00/power_supply/BAT0 vendor: SANYO model: UM08B32 power supply: yes updated: Tue Nov 27 15:54:24 2012 (28 seconds ago) has history: yes has statistics: yes battery present: yes rechargeable: yes state: discharging energy: 18.1764 Wh energy-empty: 0 Wh energy-full: 21.1248 Wh energy-full-design: 48.6 Wh energy-rate: 13.2948 W voltage: 11.268 V time to empty: 1.4 hours percentage: 86.0429% capacity: 43.4667% technology: lithium-ion History (charge): 1354024433 86.043 discharging History (rate): 1354024464 13.295 discharging 1354024433 13.662 discharging 1354024402 13.781 discharging I noticed that between #2 and #3 (0 and 1 minutes after unplugging), while the battery still reports 99% charge and drops from 2:30 hr to 1:30 hr, the energy usage goes from 8.34 W to 13.54 W and the current_now increases, but shouldn't it be using less energy in battery mode since the screen is much dimmer and it's in power saving mode? (or is that normal behavior?) It also seems to drain more quickly than what it predicts, especially with the 1-1.25 hour drop in the first minute of being unplugged, which seems odd. What really concerns me is that Ubuntu 12.10 may not be properly managing the battery (with the sudden change in charge/life from 2:30 to 1:30 or 1:15 within a minute of unplugging), and that a new battery may quickly die under Ubuntu 12.10. I'd greatly appreciate any advice/suggestions on what to do, and especially whether there's a way to get back the 1-1.5 hrs of battery life that were suddenly lost when changing from WinXp to Ubuntu 12.10. Thanks :)

    Read the article

  • RSH between servers not working

    - by churnd
    I have two servers: one CentOS 5.8 & one Solaris 10. Both are joined to my workplace AD domain via PBIS-Open. A user will log into the linux server & run an application which issues commands over RSH to the solaris server. Some commands are also run on the linux server, so both are needed. Due to the application these servers are being used for (proprietary GE software), the software on the linux server needs to be able to issue rsh commands to the solaris server on behalf of the user (the user just runs a script & the rest is automatic). However, rsh is not working for the domain users. It does work for a local user, so I believe I have the necessary trust settings between the two servers correct. However, I can rlogin as a domain user from the linux server to the solaris server. SSH works too (how I wish I could use it). Some relevant info: via rlogin: [user@linux~]$ rlogin solaris connect to address 192.168.1.2 port 543: Connection refused Trying krb4 rlogin... connect to address 192.168.1.2 port 543: Connection refused trying normal rlogin (/usr/bin/rlogin) Sun Microsystems Inc. SunOS 5.10 Generic January 2005 solaris% via rsh: [user@linux ~]$ rsh solaris ls connect to address 192.168.1.2 port 544: Connection refused Trying krb4 rsh... connect to address 192.168.1.2 port 544: Connection refused trying normal rsh (/usr/bin/rsh) permission denied. [user@linux ~]$ relevant snippet from /etc/pam.conf on solaris: # # rlogin service (explicit because of pam_rhost_auth) # rlogin auth sufficient pam_rhosts_auth.so.1 rlogin auth requisite pam_lsass.so set_default_repository rlogin auth requisite pam_lsass.so smartcard_prompt try_first_pass rlogin auth requisite pam_authtok_get.so.1 try_first_pass rlogin auth sufficient pam_lsass.so try_first_pass rlogin auth required pam_dhkeys.so.1 rlogin auth required pam_unix_cred.so.1 rlogin auth required pam_unix_auth.so.1 # # Kerberized rlogin service # krlogin auth required pam_unix_cred.so.1 krlogin auth required pam_krb5.so.1 # # rsh service (explicit because of pam_rhost_auth, # and pam_unix_auth for meaningful pam_setcred) # rsh auth sufficient pam_rhosts_auth.so.1 rsh auth required pam_unix_cred.so.1 # # Kerberized rsh service # krsh auth required pam_unix_cred.so.1 krsh auth required pam_krb5.so.1 # I have not really seen anything useful in either system log that seem to be directly related to the failed login attempt. I've tail -f'd /var/adm/messages on solaris & /var/log/messages on linux during the failed attempts & nothing shows up. Maybe I need to be doing something else?

    Read the article

  • Kerberos and/or other authentication systems - One time logon for all PHP scripts

    - by devviedev
    I'm managing a set of web apps, almost exclusively written in PHP, and would like to find an authentication platform to build a role-based authorization system on top of. Also, I'd like the authentication system to be extensible to use for, for example, system services (SSH, etc.) Here are some of the main characteristics I'm looking for, in order of importance: Easy PHP implementation (storing/reading easily roles, etc.). Redundant, if possible. If an auth system goes down everyone is not locked out. Has clients for Windows and Mac. Easy web-based administration (adding/removing users/roles, changing passwords). If not, I can build an administration system without too much effort. One-time log on. I'd also like, when an auth token is issued, to store the user's IP address and use that to authorize the user for some non web-based applications. For that reason, I'd like a desktop client to issue the token and revoke tokens when, for example, the user becomes idle at their workstation. I'm thinking Kerberos might be a solution, but what are other options?

    Read the article

  • OSSEC : send alerts true gmail? how?

    - by Rubytastic
    Try to setup OSSEC to use google gmail to send my alerts like so: <email_notification>yes</email_notification> <email_to>[email protected]</email_to> <smtp_server>smtp.gmail.com</smtp_server> <email_from>ossec@host</email_from> Then I set email alerts value to 3 and restart ossec. This does not trigger email alert. how to correctly send alerts with gmail? better way to test if mails are sending out?

    Read the article

  • Apache Bad Request "Size of a request header field exceeds server limit" with Kerberos SSO

    - by Aurelin
    I'm setting up an SSO for Active Directory users through a website that runs on an Apache (Apache2 on SLES 11.1), and when testing with Firefox it all works fine. But when I try to open the website in Internet Explorer 8 (Windows 7), all I get is "Bad Request Your browser sent a request that this server could not understand. Size of a request header field exceeds server limit. Authorization: Negotiate [ultra long string]" My vhost.cfg looks like this: <VirtualHost hostname:443> LimitRequestFieldSize 32760 LimitRequestLine 32760 LogLevel debug <Directory "/data/pwtool/sec-data/adbauth"> AuthName "Please login with your AD-credentials (Windows Account)" AuthType Kerberos KrbMethodNegotiate on KrbAuthRealms REALM.TLD KrbServiceName HTTP/hostname Krb5Keytab /data/pwtool/conf/http_hostname.krb5.keytab KrbMethodK5Passwd on KrbLocalUserMapping on Order allow,deny Allow from all </Directory> <Directory "/data/pwtool/sec-data/adbauth"> Require valid-user </Directory> SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/hostname-server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/hostname-server.key </VirtualHost> I also made sure that the cookies are deleted and tried several smaller values for LimitRequestFieldSize and LimitRequestLine. Another thing that seems weird to me is that even with LogLevel debug I won't get any logs about this. The log's last line is ssl_engine_kernel.c(1879): OpenSSL: Write: SSL negotiation finished successfully Does anyone have an idea about that?

    Read the article

  • Linking Linux MIT Kerberos with a Windows 2003 Active Directory

    - by Beerdude26
    Greetings, I was wondering how one might link a Linux MIT Kerberos with a Windows 2003 Active Directory to achieve the following: A user, [email protected], attempts to log in at an Apache website, which runs on the same server as the Linux MIT Kerberos. The Apache module first asks the local Linux MIT Kerberos if he knows a user by that name or realm. The MIT Kerberos finds out it isn't responsible for that realm, and forwards the request to the Windows 2003 Active Directory. The Windows 2003 Active Directory replies positively and gives this information to the Linux MIT Kerberos, which in turn tells this to the Apache module, which grants the user access to its files. Here is an image of the situation: http://img179.imageshack.us/img179/5092/linux2k3.png (I'm not allowed to embed images just yet.) The documentation I have read concerning this issue often differ from this problem: Some discuss linking up a MIT Kerberos with an Active Directory to gain access to resources on the Active Directory server; While another uses the link to authenticate Windows users to the MIT Kerberos through the Windows 2003 Active Directory. (My problem is the other way around.) So what my question boils down to, is this: Is it possible to have a Linux MIT Kerberos server pass through requests for a Active Directory realm, and then have it receive the reply and give it to the requesting service? (Although it's not a problem if the requesting service and the Windows 2003 Active Directory communicate directly.) Suggestions and constructive criticism are greatly appreciated. :)

    Read the article

  • How is the "change password at next logon" requirement supposed to work with RDP using Network Level Authentication?

    - by NReilingh
    We have a Windows server (2008 R2) with the "Remote Desktop Services" feature installed and no Active Directory domain. Remote desktop is set up to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)". This means that before the remote screen is displayed, the connection is authenticated in a "Windows Security: Enter your credentials" window. The only two role services installed on this server is the RD Session Host and Licensing. When the "User must change password at next logon" checkbox is selected in the properties for a local user on this server, the following displays on a client computer after attempting to connect using the credentials that were last valid: On some other servers using RDP for admin access (but without the Remote Desktop Services role installed), the behavior is different -- the session begins and the user is given a change password prompt on the remote screen. What do I need to do to replicate this behavior on the Remote Desktop Services server?

    Read the article

  • Apache LDAP authentication (mod_auth_ldap) on MacOS Server (10.5)

    - by Ursid
    A - Is there a LDAP authentication module (mod_auth_ldap) for the version of Apache that comes built into MacOS Server 10.5? (I'm pretty sure no, but maybe someone compiled one.) B - If not, can it be compiled into MacOS' version of Apache? (Man, that would be nice.) 3 - If I can't use the Apple version of Apache for this, what is the best way to get Apache LDAP authentication working on MacOS Server 10.5? (Preferably one that works with MacOS Servers management software)

    Read the article

  • Cisco WebVPN RDP Plugin and NLA

    - by bab
    I'm having trouble finding anything in Cisco's docs or with Google searches, so I'm hoping someone out in ServerFault land might know. We've recently enabled NLA domain-wide to protect against some of the recent RDP vulnerabilities. However, we can no longer use the Cisco WebVPN on our ASA to connect to these boxes (Connection Failure). I assume this is because the RDP2 plugin (as of Apr 27 2012) doesn't support NLA? Is there another version of the plugin that does? Thanks!

    Read the article

  • Nginx Server with Ruby on Rails application SMTP Authentication Error

    - by Spoons
    I'm developing a Rails app which when I run it locally, it's able to send emails through a gmail account via smtp. When I moved it to my sever (running Nginx), it comes up with the following error for example when I try to create a new user. Net::SMTPAuthenticationError in UsersController#create 535-5.7.1 Username and Password not accepted. The nginx.conf file remains the same from when I set it up.

    Read the article

  • OpenLDAP Authentication UID vs CN issues

    - by user145457
    I'm having trouble authenticating services using uid for authentication, which I thought was the standard method for authentication on the user. So basically, my users are added in ldap like this: # jsmith, Users, example.com dn: uid=jsmith,ou=Users,dc=example,dc=com uidNumber: 10003 loginShell: /bin/bash sn: Smith mail: [email protected] homeDirectory: /home/jsmith displayName: John Smith givenName: John uid: jsmith gecos: John Smith gidNumber: 10000 cn: John Smith title: System Administrator But when I try to authenticate using typical webapps or services like this: jsmith password I get: ldapsearch -x -h ldap.example.com -D "cn=jsmith,ou=Users,dc=example,dc=com" -W -b "dc=example,dc=com" Enter LDAP Password: ldap_bind: Invalid credentials (49) But if I use: ldapsearch -x -h ldap.example.com -D "uid=jsmith,ou=Users,dc=example,dc=com" -W -b "dc=example,dc=com" It works. HOWEVER...most webapps and authentication methods seem to use another method. So on a webapp I'm using, unless I specify the user as: uid=smith,ou=users,dc=example,dc=com Nothing works. In the webapp I just need users to put: jsmith in the user field. Keep in mind my ldap is using the "new" cn=config method of storing settings. So if someone has an obvious ldif I'm missing please provide. Let me know if you need further info. This is openldap on ubuntu 12.04. Thanks, Dave

    Read the article

  • Apache directive for authenticated users?

    - by Alex Leach
    Using Apache 2.2, I would like to use mod_rewrite to redirect un-authenticated users to use https, if they are on http.. Is there a directive or condition one can test for whether a user is (not) authenticated? For example, I could have set up the restricted /foo location on my server:- <Location "/foo/"> Order deny,allow # Deny everyone, until authenticated... Deny from all # Authentication mechanism AuthType Basic AuthName "Members only" # AuthBasicProvider ... # ... Other authentication stuff here. # Users must be valid. Require valid-user # Logged-in users authorised to view child URLs: Satisfy any # If not SSL, respond with HTTP-redirect RewriteCond ${HTTPS} off RewriteRule /foo/?(.*)$ https://${SERVER_NAME}/foo/$2 [R=301,L] # SSL enforcement. SSLOptions FakeBasicAuth StrictRequire SSLRequireSSL SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 </Location> The problem here is that every file, in every subfolder, will be encrypted. This is quite unnecessary, but I see no reason to disallow it. What I would like is the RewriteRule to only be triggered during authentication. If a user is already authorised to view a folder, then I don't want the RewriteRule to be triggered. Is this possible? EDIT: I am not using any front-end HTML here. This is only using Apache's built-in directory browsing interface and its in-built authentication mechanisms. My <Directory> config is: <Directory ~ "/foo/"> Order allow,deny Allow from all AllowOverride None Options +Indexes +FollowSymLinks +Includes +MultiViews IndexOptions +FancyIndexing IndexOptions +XHTML IndexOptions NameWidth=* IndexOptions +TrackModified IndexOptions +SuppressHTMLPreamble IndexOptions +FoldersFirst IndexOptions +IgnoreCase IndexOptions Type=text/html </Directory>

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >