Apache::AuthenNTLM not failing through to basic auth

Apache::AuthenNTLM not failing through to basic auth

am 15.04.2010 20:49:35 von Benny

Hey folks,

I just got NTLM authentication working on one of my Red Hat 5.4
machines thanks to this module. Oh thank god, you wouldn't believe
how many different methods I had tried until this module worked.

I did have a few things that I had to change to get it working:

1) I had to comment out the 'use strict' in AuthenNTLM.pm, lest it
complain about barewords not allowed while 'strict subs' in use

2) I had to change Apache to Apache2 in the 'if (MP2)' require
statements, which I'm sure is how I built it or something
specific to my distribution. Regardless, not a big deal.

3) I had to change 'use mod_perl' to 'use mod_perl2'

However, I'm seeing that HTTP basic auth isn't being tried if NTLM
fails (I never get an auth popup, Nagios just acts as if it didn't
get a username). From the docs, I would expect the following
settings within the Apache Location:

PerlSetVar ntlmauthoritative off
PerlSetVar basicauthoritative on

would tell it to try NTLM, and if that fails, use basic auth. I
never get an authorization box. I have tried all permutations of
"off" and "on" with both directives, and they all behave the same -
if NTLM fails, I am not authorized.

The specs:

Red Hat 5.4
Apache 2.2.3 (via RHEL RPM)
mod_perl 2.0.4 (via RHEL RPM)
Apache-AuthenNTLM v 2.10 downloaded from CPAN and installed by hand
(perl Makefile.pl ; make ; make test ; make install) and then
AuthenNTLM.pm tweaked:

--- ../Apache-AuthenNTLM-2.10/AuthenNTLM.pm 2005-02-07
09:51:57.000000000 -0600
+++ ./AuthenNTLM.pm 2010-04-15 11:05:07.000000000 -0500
@@ -16,7 +16,7 @@

package Apache::AuthenNTLM ;

-use strict ;
+#use strict ;
use vars qw{$cache $VERSION %msgflags1 %msgflags2 %msgflags3 %invflags1
%invflags2 %invflags3 $addr $port $debug} ;

$VERSION = 2.10 ;
@@ -66,7 +66,7 @@
############################################
# here is where we start the new code....
############################################
-use mod_perl ;
+use mod_perl2 ;

# use Apache::Constants qw(:common);
# setting the constants to help identify which version of mod_perl
@@ -76,13 +76,13 @@
# test for the version of mod_perl, and use the appropriate libraries
BEGIN {
if (MP2) {
- require Apache::Const ;
- require Apache::Access ;
- require Apache::Connection ;
- require Apache::Log ;
- require Apache::RequestRec ;
- require Apache::RequestUtil ;
- require Apache::RequestIO ;
+ require Apache2::Const ;
+ require Apache2::Access ;
+ require Apache2::Connection ;
+ require Apache2::Log ;
+ require Apache2::RequestRec ;
+ require Apache2::RequestUtil ;
+ require Apache2::RequestIO ;
require APR::Table ;
require APR::SockAddr ;
Apache::Const->import(-compile =>
'HTTP_UNAUTHORIZED','HTTP_IN
ERNAL_SERVER_ERROR','DECLINED','HTTP_FORBIDDEN','OK') ;

Now, it appears that the 'PerlSetVar basicauthoritative' section of
the pod is a copy-n-paste from ntlmauthoritative and hasn't been
corrected; am I reading too much into what I think should be there?

Thanks for any help you can give me!

Benny


--
Me: 'How big a monster can you take out with one of those? Would
you win a fight with Godzilla?'
Jim: 'You could disassemble Godzilla at a range of seven miles.'
-- Blog entry about the 76mm Melera, a
gun on a US Navy Perry-class frigate that
Somali pirates tried to seize


--
Me: 'How big a monster can you take out with one of those? Would
you win a fight with Godzilla?'
Jim: 'You could disassemble Godzilla at a range of seven miles.'
-- Blog entry about the 76mm Melera, a
gun on a US Navy Perry-class frigate that
Somali pirates tried to seize