[ILUG] Bloody apache authorisation...
Kathryn Cassidy (User Account)
hellbunnie at irelands-web.ie
Thu Apr 13 20:00:31 IST 2000
This is a long one...
I've a problem with either apache or netscape
authentication. The scenario is as follows:
I have a set of perl scripts in a cgi-bin/helpdesk
directory which requires a password before it can be
accessed. Occasionally when I access a script from this
dir, netscape goes crazy seems to hang. What's actually
happening is that it's repeatedly trying to access the
page and being refused access because it doesn't have
the correct username/password. However, it's not
popping up the login prompt and it's not displaying the
'authorisation failed' error. It just keeps frantically
connecting to the server and being refused.
I should point out that the problem will occurr _after_
I've logged in and run numerous scripts from this
directory. It always lets me log in correctly the first
time, it's only after that that it'll occur. One guy
here can reproduce it with a defined set of steps,
however on my machine it seems random and the steps that
reproduce the error on his system usually work perfectly
The problem was happening on Apache 1.3.9-4 so I
upgraded to 1.3.12-2 to no avail. The clients are
netscape 4.61 and 4.72. As far as I can see the user
and password aren't actually being sent to the server by
netscape, which suggests it's a netscape problem.
However, I've got the same setup on another server
running apache 1.3.11 and I haven't seen the problem at
all on it, which suggests an apache problem. I've tried
it on windows running IE too and I haven't seen the
problem there which again points to netscape, 'though
we've only run it a couple of times on IE and it's a bit
intermittent, so we may see the problem there yet...
My authentication is set up with the following lines in
#set up access control for helpdesk directory
/etc/httpd/conf/passwords contains a number of user
names consisting of the user's full names including
spaces. I was a bit wary of putting spaces into the
logins, but it works fine on the test system and
htpasswd is quite happy to add users like this so long
as the name is quoted.
I used the Internet Junkbuster to grab the http
conversation between the server and client. Its output
is as follows:
User-Agent: Mozilla (X11; I; Linux 2.0.32 i586)
Accept: image/gif, image/x-xbitmap, image/jpeg,
image/pjpeg, image/png, */*
Proxy-authorization: Basic aXRnd2ViOnByb2ZpdHM=
HTTP/1.1 401 Authorization Required
Date: Thu, 13 Apr 2000 11:04:07 GMT
Server: Apache/1.3.9 (Unix) (Red Hat/Linux)
WWW-Authenticate: Basic realm="helpdesk"
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<TITLE>401 Authorization Required</TITLE>
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
Once it gets to this point it goes straight back to the
GET line again and this is repeated over and over. The
apache access logs shows the get with no user name being
sent. The error log shows nothing.
I'm inclined to blame netscape, but I'm bemused by the
fact that it's working fine on the other server. Has
anyone got any ideas as to what could be causing this?
More information about the ILUG