11 Apr
2016
11 Apr
'16
3:04 a.m.
On 09-04-2016 18:24, Isaac Boukris wrote: > On Fri, Apr 8, 2016 at 5:13 PM, Süleyman Kuran <skuran@ayk.gov.tr> wrote: >> Hi there, >> >> I am on Centos 7 >> httpd 2.4 >> mod_auth_radius 1.5.8 >> My virtual host file is as follows: >> >> apache is not asking for username/password after 1 failed radius auth >> attempt. After 1 failed auth, Unauthorized page appears and if I refresh >> the page (F5) previous failed credentials are sent to the radius server >> without popping up a window asking for username/password. If login is OK >> the page is authorized. But if not, the user will have to wait for the >> popup window until the session is timed out. >> >> if apache is configured for basic auth with htpasswd file. It asks for >> the password after failed login as expected. > It would be interesting to see the outputs of: > # curl -v -k https://localhost/ > # curl -v -k https://localhost/ -u bad_user:bad_pwd [root@localhost ~]# curl -v -k https://localhost/ * About to connect() to localhost port 443 (#0) * Trying ::1... * Connected to localhost (::1) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: E=root@localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- * start date: Nis 07 08:44:34 2016 GMT * expire date: Nis 07 08:44:34 2017 GMT * common name: localhost.localdomain * issuer: E=root@localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- > GET / HTTP/1.1 > User-Agent: curl/7.29.0 > Host: localhost > Accept: */* > < HTTP/1.1 401 Unauthorized < Date: Mon, 11 Apr 2016 06:59:39 GMT < Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 < WWW-Authenticate: Basic realm="Auth required" < Content-Length: 381 < Content-Type: text/html; charset=iso-8859-1 < <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> * Connection #0 to host localhost left intact And the output to the second curl command is as follows: [root@localhost ~]# curl -v -k https://localhost/ -u bad_user:bad_pwd * About to connect() to localhost port 443 (#0) * Trying ::1... * Connected to localhost (::1) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * skipping SSL peer certificate verification * SSL connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 * Server certificate: * subject: E=root@localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- * start date: Nis 07 08:44:34 2016 GMT * expire date: Nis 07 08:44:34 2017 GMT * common name: localhost.localdomain * issuer: E=root@localhost.localdomain,CN=localhost.localdomain,OU=SomeOrganizationalUnit,O=SomeOrganization,L=SomeCity,ST=SomeState,C=-- * Server auth using Basic with user 'bad_user' > GET / HTTP/1.1 > Authorization: Basic YmFkX3VzZXI6YmFkX3B3ZA== > User-Agent: curl/7.29.0 > Host: localhost > Accept: */* > < HTTP/1.1 401 Unauthorized < Date: Mon, 11 Apr 2016 07:02:10 GMT < Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips mod_fcgid/2.3.9 PHP/5.4.16 < Content-Length: 381 < Content-Type: text/html; charset=iso-8859-1 < <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>401 Unauthorized</title> </head><body> <h1>Unauthorized</h1> <p>This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required.</p> </body></html> * Connection #0 to host localhost left intact And I am not so sure, this is a browser problem. Thank you. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html