Apache Authentication mod_auth_apple (client)

Hi,
I'm trying to set up my Apache with "AuthType Basic", using the local account / users.
I guess this is only possible by using the apple_auth_module (libexec/apache2/mod_auth_apple.so).
It seems that this module isn't available in the non-server version of 10.5.
So, what are my options?
I read in old dev mailing lists that the source for mod_auth_apple is available, but I can't find it...

I have the same problem like you??? You already know the solution?

Similar Messages

  • Urgent : problems in authenticating the client

    Hi every one,
    I'm new to SSL and have a problem authenticating the client with the server. When I disable
    ((SSLServerSocket)serversocket).setNeedClientAuth(true);
    both the server and client work fine and I get the required output.
    If I use -Djavax.net.ssl.truststore=trustStoreName and -Djavax.net.ssl.keyStore=keystoreName on the command line for the client then it works, but I want to do it without the command-line options.
    I tried to debug the client's SSL handshake, where it seems that if I don't mention the truststore and keystore on the command line it won't take the ones mentioned in the code.
    If anyone has a solution for this or any idea, can you please help me out? I've been stuck on it for about a week now. Thanks in advance.
    uzi
    Message was edited by:
    Deo_Zone

    Hi...
    I'm new to SSL connections. I implemented the code for an SSL connection in a Java program. I use the following code:
    String keystore = "<java_home>/jre/lib/security/cacerts";
    System.setProperty("javax.net.ssl.trustStore",keystore);
    env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.SECURITY_AUTHENTICATION,"simple");
    env.put(Context.SECURITY_PRINCIPAL,adminName);
    env.put(Context.SECURITY_CREDENTIALS,adminPassword);
    env.put(Context.SECURITY_PROTOCOL,"ssl");
    String ldapURL = "ldaps://mydc.speedrock.com:636";
    env.put(Context.PROVIDER_URL,ldapURL);
    DirContext ctx = new InitialLdapContext(env,null);
    I use this code in my web application, running on a Tomcat 5.5 server.
    Steps:
    1. Started my Tomcat server.
    2. Attempted to change an Active Directory user password.
    At this point I have not imported the AD server certificate into the cacerts file.
    In this situation it throws an exception.
    3. Now I import the valid certificate into the cacerts file using the keytool command
    keytool -import -alias xyzADCert -keystore <java_home>/jre/lib/security/cacerts -keypass changeit -storepass changeit -noprompt -file <java_home>/jre/lib/security/ca.cer;
    When I run this command from the console, it imports the certificate successfully.
    4. Now I attempt to change the password again.
    In this situation it gives the same exception as before.
    But when I restart the Tomcat server and attempt to change the password, it works fine.
    The same thing happens when deleting the certificate.
    Steps:
    1. Start the Tomcat server.
    2. Import the valid certificate using the keytool command
    keytool -import -alias xyzADCert -keystore <java_home>/jre/lib/security/cacerts -keypass changeit -storepass changeit -noprompt -file <java_home>/jre/lib/security/ca.cer;
    3. Try to change the password: works fine.
    4. Delete the certificate using the keytool command
    keytool -delete -alias xyzADCert -keystore <java_home>/jre/lib/security/cacerts -keypass changeit -storepass changeit
    When I run this command, the certificate is deleted from the cacerts file.
    For confirmation, I ran this command once again; it gives an "alias does not exist" message.
    5. Now I attempt to change the password again without restarting the Tomcat server.
    Instead of throwing an exception like "simple bind failed", the password is updated on the server for the user.
    6. But when I restart the Tomcat server, it gives an exception like "simple bind failed" when I try to change the password.
    My goal is, without restarting the server, to change the password successfully when I import the certificate, and to get an exception when I delete the certificate from the cacerts file.
    Please give me some help...

  • Crm OnDemand error -- org.apache.axis2.AxisFault: Client

    Hi,
    I am having a problem with the Administrative Services Web service of CRM OnDemand. I want to read the CustomRecordTypes from my CRM instance through the web services. I have downloaded the WSDL for that from the CRM site's Administrative Services section. While executing, the code throws the following exception: org.apache.axis2.AxisFault: Client.
    The code I have used to read the CustomRecordTypes is as follows:
    CustomRecordTypeServiceStub service = new CustomRecordTypeServiceStub("https://secure-ausomxiha.crmondemand.com/Services/Integration");
    org.apache.axis2.client.ServiceClient client = service._getServiceClient();
    client.getOptions().setManageSession(true);
    client.getOptions().setProperty(org.apache.axis2.transport.http.HTTPConstants.HEADER_COOKIE, "jsessionid="+javasessionid);
    client.getOptions().setUserName(username);
    client.getOptions().setPassword(password);
    CustomRecordTypeReadAll_Input rec_input = new CustomRecordTypeReadAll_Input();
    CustomRecordTypeReadAll_Output rec_output = new CustomRecordTypeReadAll_Output();
    rec_output = service.customRecordTypeReadAll(rec_input);
    The exception details are as follows:
    org.apache.axis2.AxisFault: Client
         at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:446)
         at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:371)
         at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:417)
         at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
         at org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
         at crmondemand.CustomRecordTypeServiceStub.customRecordTypeReadAll(CustomRecordTypeServiceStub.java:735)
         at crmondemand.LogonAction.execute(LogonAction.java:34)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
         at java.lang.reflect.Method.invoke(Unknown Source)
         at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:404)
         at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:267)
         at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:229)
         at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:221)
         at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
         at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)....................and many more
    Please someone help me to resolve this issue.
    Thanx in advance.

    Please check your WSDL file. If the WSDL file is wrong, then ServiceBuilder takes the default WSDL and it uses the package structure to create the default namespace (which is example.ws in your case). Check your WSDL for proper binding, port and service declarations.

  • Interoperability between apache soap toolkit(client)and ms soap toolkit

    Interoperability between the Apache SOAP toolkit (client) and the MS SOAP toolkit. Give me an example where I can send and receive a complex data type from Apache Tomcat on the client side to the MS SOAP toolkit on the server side. It is urgent. Please try to give me a solution as soon as possible.

    The toolkits don't have to work together at all. And by the way, you aren't sending the data to the MS toolkit, you're sending it to some MS product that can process the data. Any data that follows the standards should work.

  • Using Lion Server Radius for authenticating "other" clients

    Hi, I've been trying to get the RADIUS service in Lion Server to authenticate users of my Squid web proxy. I have followed the Squid wiki's instructions to configure the Squid server as a RADIUS client and pass authentication requests to the Lion Server RADIUS (I hope). However, I'm trying to configure and test the Lion Server RADIUS. As Lion Server's Admin GUI for RADIUS only lets you add AirPort base stations, I've been trying to dig around for what underlying config files to edit. I have tried 2 methods of adding the client details to RADIUS:
    1. By editing the /etc/raddb/client.conf, and adding/changing (for example):
    client localhost {
         secret     = mysecretpassphrase
    }
    client 192.168.0.0/24 {
         secret     = mysecretpassphrase
         shortname  = local-lan-clients
    }
    and restarting squid. Nothing seems to get mentioned in the radius log file! So I'm not completely convinced that the Lion Radius took any notice of this!
    2. Instead of above, added the same client info using radiusconfig:
    $ sudo radiusconfig -addclient 192.168.0.0/24 local-lan-clients other <return>
    - then it prompts for the secret. With this command I notice the entry/event is recognised in the radius log file, and there also looks to be some SQL activity. If I don't specify "other" for the nas-type, it defaults to "AirPort Base Station" or similar.
    OK, so forgetting about SQUID for a minute, I can't even get that far as I'm just trying to test the config using the "radclient" utility from the Lion Server and the squid server:
    $ sudo radclient localhost auth mysecretpassphrase <return>
    and... no response, just hangs, nothing in radius log either.
    The Lion Firewall allows TCP and UDP requests into the Radius authentication port.
    Any ideas what else I need to do? Scratching my head, I'm wondering if it is anything to do with SSL? e.g. do I need to make the authentication using the self-signed certificate that Open Directory has? I presume any Airport Base Stations added to radius will use this certificate to establish a secure connection for authentication.

    The RADIUS server in OS X Server is a standard FreeRADIUS implementation with Apple's own custom GUI frontend for configuring it and which only allows adding AirPort base-stations. In Mountain Lion Server it is even limited to a specific configuration for the AirPort base-station.
    However if you follow the normal command-line instructions and steps for configuring FreeRADIUS then it will be possible to add any type of RADIUS client.
    While, as far as I can see, manually configuring the FreeRADIUS server in OS X Server should enable you to do what you want, most people choose to configure Squid to use either a PAM or the LDAP modules for Squid to, in this case, authenticate directly to Open Directory (which is of course based on LDAP).
    I myself have used a PAM in the past with Squid to successfully configure Squid to authenticate users via Open Directory. I was even able to specify an Open Directory group and only allow members of that group access via the Squid proxy server. I then went a bit OTT and set up another open-source tool (which was discontinued and I had to fix to get working) to process the Squid logs and store them in MySQL, and then set up FileMaker Pro to connect to the MySQL database via ODBC to allow producing reports.
    Unfortunately the AFP548 website had a major redesign a while ago and many previous technical articles on it are now hard to find. I had used two articles on that site to guide me through setting up Squid and the PAM on a Mac server. I believe the two articles I used are the ones listed below.
    http://afp548.com/2004/09/08/using-os-x-open-directory-to-authenticate-squid-proxy-server/
    http://afp548.com/2004/12/13/squid-server-using-ldap-authentication/

  • Apache, authentication required, key not working

    I'm trying to set up my PC with Apache Server. If I try to access it from my laptop in our home, it serves on 192.168.1.102. I went to no-ip.biz because we have a dynamic IP here. When I try to remotely access the server, I get a screen that says: Authentication required. Enter username and password for "linksys BEFW11S4 V.2" at http://XXXXXX.no-ip.biz (xxx being the subdomain I requested). The screen will not accept 'admin' or the network key I use. Any advice?

    Hi
    You should use port forwarding and forward your Apache port (usually 80) to the IP address of the machine that has Apache installed.
    Hope this works
    Cheers

  • Apache Authentication

    We recently set up an Open Directory server on OSX 10.4 and we're having issues getting our GNU/Linux Apache 2.0 web server to authenticate against it. Here is the section in our httpd.conf:
    LoadModule ldap_module modules/mod_ldap.so
    LoadModule auth_ldap_module modules/mod_auth_ldap.so
    <Directory "/www/docs/public/ldaptest">
    Options Indexes FollowSymLinks
    AllowOverride None
    order allow,deny
    allow from all
    AuthLDAPEnabled on
    AuthType Basic
    AuthName "OD LDAP Test"
    AuthLDAPURL "ldap://ldaphost:389/dc=ldaphost,dc=ucsd,dc=edu"
    Require valid-user
    </Directory>
    I've looked at both the apache2 logs and the OD logs on the OSX server but it's not showing anything useful. This same configuration works with a generic OpenLDAP server without any problems. Do I need to use a special module (modappleauth?) or is there some configuration switch I need to change?
    We'd also like to have the ability to authenticate via group using the require group directive.
    Additionally is there any way to authenticate a SunOne web server to OD?
    Thank you.

    After looking at the Apache logs I came across this:
    auth_ldap authenticate: user ldaptest authentication failed; URI /ldaptest/ [LDAP: ldap_simple_bind_s() failed][Invalid credentials]
    Which looks like the OSX server isn't allowing anonymous binds for some reason. Even though I can do a normal ldapsearch and get results without any problems.

  • Authentication in Client/Server form Application

    Hi
    My client/server application is not using Oracle authentication. I maintain a user table against which the user is authenticated, but whenever any user logs in to the application it uses the same Oracle username/password, which I have currently hardcoded in a Forms 6i (C/S type, on logon event) application.
    My clients are located in different geographical locations; when I change the Oracle database password I need to compile the client application and deploy it again.
    Is there any way that I can avoid this? I don't want to give the database username/password to any client user. They only have an application username and password.
    Thanks
    Sudarshan

    Hello,
    While installing developer you can select components to
    Install, Options listed are Forms runtime and Reports runtime.
    and it will make your work done.
    Adi

  • Machine authentication over Client IPSEC tunnel

    I am in the process of converting our existing remote access from Microsoft Threat Management Gateway to Cisco ASA.  Our security folks just made me aware that in addition to the RADIUS authentication against AD credentials, they also want me to do machine authentication to make sure that the machine name of the system trying to get remote access has a machine account in AD.
    I have been looking for a way to do this with the IPSEC client but haven't found anything as yet.  Would appreciate any links that show me how to get this done.  Moving to AnyConnect isn't an option at this point due to budgetary issues.  I am using the latest Cisco VPN client in the 5.x train and have 8.2.5 code running on my 5520.
    What I may be looking at might be NAC (Network Admission Control ?).  Looking for all suggestions at this point.
    Thanks,
    Ron

    I've used enrolled user X.509 USER certificates with Cisco VPN Client 4.x / 5.x into an ASA. They were issued by a partner's root CA and the connection was allowed on the basis of that root CA being trusted by the remote ASA.
    But yes, what you are asking about is more of a NAC, or the successor Identity Services Engine (ISE) product type of feature. In the case of ISE, it can do what you ask but requires a good bit of investment to get that and many many other features.
    I strongly suspect that some additional investment will be necessary to get what your security team is requesting. At the very least AnyConnect Premium licenses and use of the Network Access Manager (NAM) feature. See this reference.

  • Browser authentication from client program

    How is it possible to authenticate a browser from a client program? For example, how does the small "mail" icon in yahoo messenger open up a browser, then authenticate it against yahoo.com and display the email Inbox? Do browsers provide some API through which this kind of authentication is possible? Any insights in this direction would be greatly appreciated.
    Thanks

    Karthikeyan,
    The error message says it all: feature is not supported.
    For your information, your question has been asked (and answered) several times previously in this forum. Did you try searching the forum archives?
    Personally, I just live with this limitation -- it's not critical for me. Have you tried the MetaLink Web site?
    Good Luck,
    Avi.

  • Apache authentication & Leopard

    I have an Apache site running on my G5. I had password authentication working fine under Panther and Tiger. I just upgraded to Leopard and it seems not to be working. It's as though none of the httpd.conf edits (that I see are still there) are taking effect OR something changed with Apache in Leopard -- or the like.
    The httpd.conf customizations that have worked for quite some time are:
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    AuthName "By Invitation Only"
    AuthType Basic
    AuthUserFile /Library/WebServer/.htpasswd
    Require valid-user
    Satisfy Any
    and they are still in what i believe to be the active httpd.conf file. additionally, the .htpasswd file is also located in the right place and is intact after the upgrade.
    it's not as though the site is inaccessible. access to my site from the outside world is just swell... just no authentication before providing access.
    any ideas of why the password authentication would just not work??
    thanks!!

    That was exactly it!
    I am grateful and so glad I decided to put the question to the forums. I stared and poked at it for more than an hour. I'm not an expert by far, so I was "double checking" myself in circles at 2AM. Thanks SO much for the dot connection.
    Any idea where I can read more about the Leopard specific Apache install???
    Separately, it was funny because it still took me a while to find the issue. Even when I found my way to /etc/apache2, when i then invoked bbedit httpd.conf from within that directory, it opened up the old one -- or rather the one I was already familiar with in /etc/httpd. I eventually had to have bbedit 'open hidden' to get to the proper new one.
    Anyway, thanks for the info!
    David

  • Apache authentication via mod_auth_mysql

    Hi to all.. has anybody ever tried to configure Apache protected directories
    via mod_auth_mysql?
    My result is an error NSURLErrorDomain:-1005 after filling in the fields with username and password...
    If is there anybody who tried this authentication method?
    I use standard Apache that comes with macosx 10.4.3..
    thank you

    I have the same problem like you??? You already know the solution?

  • Authentication using Client Certificates

    Has anyone implemented client certificate authentication where, after the user has entered her certificate id/pwd, they get direct access to the portal without getting the portal logon page again?
    I am using EP6 SP2. I get the request for client certificates, but after that I get directed to the portal form-based logon page. How do I bypass this and gain access to the portal?
    regards
    anton

    Hi Kyle,
    Here is my authscheme.xml file.... I placed the CreateTicketLoginModule after the CertLoginModule but it didn't work. Have I done this correctly? By the way, I am using EP6 SP2, J2EE 6.20 pl 28.
    thanks anton
    <authschemes>
            <!--  authschemes, the name of the node is used -->
            <authscheme name="uidpwdlogon">
                <!-- multiple login modules can be defined -->
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.CertLoginModule</loginModuleName>
                    <controlFlag>SUFFICIENT</controlFlag>
                    <options></options>
                </loginmodule>
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.CreateTicketLoginModule</loginModuleName>
                    <controlFlag>SUFFICIENT</controlFlag>
                    <options></options>
                </loginmodule>
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.DefaultLoginModule</loginModuleName>
                    <!-- specifying whether this LoginModule is REQUIRED, REQUISITE, SUFFICIENT, or OPTIONAL -->
                    <controlFlag>REQUISITE</controlFlag>
                    <options></options>
                </loginmodule>
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.CertPersisterLoginModule</loginModuleName>
                    <controlFlag>REQUIRED</controlFlag>
                    <options></options>
                </loginmodule>
                <priority>21</priority>
                <!-- the frontendtype TARGET_FORWARD = 0, TARGET_REDIRECT = 1, TARGET_JAVAIVIEW = 2 -->
                <frontendtype>2</frontendtype>
                <!-- target object -->
                <frontendtarget>com.sap.portal.runtime.logon.default</frontendtarget>
            </authscheme>
            <authscheme name="certlogon">
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.CertLoginModule</loginModuleName>
                    <controlFlag>REQUISITE</controlFlag>
                    <options></options>
                </loginmodule>
                <priority>20</priority>
                <frontendtype>2</frontendtype>
                <frontendtarget>com.sap.portal.runtime.logon.certlogon</frontendtarget>
            </authscheme>
            <authscheme name="basicauthentication">
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.DefaultLoginModule</loginModuleName>
                    <controlFlag>REQUIRED</controlFlag>
                    <options></options>
                </loginmodule>
                <priority>20</priority>
                <frontendtype>2</frontendtype>
                <frontendtarget>com.sap.portal.runtime.logon.basicauthentication</frontendtarget>
            </authscheme>
            <authscheme name="header">
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.HeaderVariableLoginModule</loginModuleName>
                    <controlFlag>OPTIONAL</controlFlag>
                    <options>Header=remote-user</options>
                </loginmodule>
                <priority>5</priority>
                <frontendtype>2</frontendtype>
                <frontendtarget>com.sap.portal.runtime.logon.header</frontendtarget>
            </authscheme>
            <authscheme name="guest">
                <loginmodule>
                    <loginModuleName>com.sap.security.core.logon.imp.AnonymousLoginModule</loginModuleName>
                    <controlFlag>OPTIONAL</controlFlag>
                    <options></options>
                </loginmodule>
                <priority>1</priority>
                <frontendtype>2</frontendtype>
                <frontendtarget>com.sap.portal.runtime.logon.anonymous</frontendtarget>
            </authscheme>
            <!-- Reserved 'anonymous' authscheme added for being in the list of authschemes -->
            <authscheme name="anonymous">
                <priority>-1</priority>
            </authscheme>
        </authschemes>
        <!--  References for Authentication Schemes, this section must be after authschemes -->
        <authscheme-refs>
            <authscheme-ref name="default">
                <authscheme>uidpwdlogon</authscheme>
            </authscheme-ref>
        </authscheme-refs>
        <authscheme-refs>
            <authscheme-ref name="UserAdminScheme">
                <authscheme>uidpwdlogon</authscheme>
            </authscheme-ref>
        </authscheme-refs>
    </document>

  • Need help with Apache self signed client certificates.

    At work we use PHPmyadmin to administer our central MySQL database.
    In order to access PHPmyadmin we use self signed ssl client certificates, for our developers, so that you can only access phpmyadmin if you have a valid client certificate installed in your browser.
    The SSL certificate on the webserver hosting phpMyAdmin has expired now and I would like to extend it, preferably without having to regenerate client certificates for all users.
    I'm a bit confused about the approach. Most howtos I've found deal with extending a webserver certificate, but it really just looks like they generate a new one.
    Can anyone help me out with how best to approach this.
    Do I simply generate a new Apache Server certificate and then use this to re-sign the existing client certificates?

    As the SOAP servlet says: "Sorry, I don't speak via HTTP GET- you have to use HTTP POST to talk to me.", you must use the HTTP POST method and not the GET method to use SOAP.
    Use setRequestMethod("POST") of class HttpURLConnection to make your HTTP connection use the POST method.
    (I didn't look at all your code).
    Jesper

  • Delay in authentication EAP client

    hi
    We have a client who has 4 APs on 1 floor which channels 1,4,7,11 with EAP-TLS enabled. The radius server is placed in u can say hongkong. The problem is
    1. When a client starts a download, the client roams all the APs causing the download to make much more time. When this downloading is switched off it comes back to the nearest APs.
    Any help is welcome
    thanks
    2. We are facing problems in getting clients authenticated. The ACU shows that the client has associated to a particular AP, then it roams to all APs for a while and then randomly starts authentication with one AP and finally authenticates. The setting on the client side is clear channel assessment as firmware default.
    The APs in question are 1100

    Hi,
    We have a similar setup with 3 1200 APs and an ACS RADIUS/certificate server for EAP-TLS. All APs are configured with the same SSID and are all set to use a fixed channel (11). The APs and the ACU have all been upgraded to the latest firmware and it all works correctly. If you pick up a laptop and roam through the building you can reauthenticate from different APs without any problems.
    Rgds
    Paddy
