Re: why AuthenNTLM prompt for password/user when user in domain

[prev] [thread] [next] [Date index for 2004/11/25]

william lai wrote:

> *Hi speeves,
>   i'm trying Apache::AuthenNTLM 2.07 modules with a
> NT PDC, mod_perl-1.19_12, Apache/2.0.51., After

Hi!

Just a note, the newest version of mod_perl is 1.99_17, and Apache 
2.0.51 had a security hole that is fixed in 2.0.52.  (Though I have been 
seeing a mention of a new vulnerability in 2.0.52 on bugtraq, though 
haven't seen it confirmed yet).

> configuration, i browsers the page that protect by AuthenNTLM and it 
> prompt me for password/user,  however  it always said the 
> user/passwordis wrong.
> is it true that NTLM don't need to enter password/user when user login 
> in the domain?
> **and i also set keepalive= on in httpd.conf. I have
> searched for a week why it prompt me for password/user, but
> stil can't solve.
> *

If I am understanding this correctly, AuthenNTLM doesn't check for 
existing credentials from IE.  It simply checks a local cache to see if 
the user already has a session, then throws a 401 Unauthorized if a 
cached session is not found. 

thanks,

        -- 
        Shannon Eric Peevey
President - EriKin Corporation
speeves@xxxxxx.xxx
(940) 391-6777
http://www.erikin.com 


-- 
Report problems: http://perl.apache.org/bugs/
Mail list info: http://perl.apache.org/maillist/modperl.html
List etiquette: http://perl.apache.org/maillist/email-etiquette.html