Re: [Pi3web-users] Users, Realm and authentication
From: <zi...@t-...> - 2002-10-02 05:07:36
Raphaël Précigout wrote:

> Hello,

^^ Hello, Raphaël,

> I recently installed Pi3web, so forgive me I'm a beginner...

^^ everyone is a beginner, anytime. So don't hesitate to ask.

> I configured Pi3web (HTTP server) with 5 or 6 users and 2 realms (Private_Users (basic authentication), High_Level_Users (digest authentication)) :
> ** If I have more than 1 user in the realm used for a directory then no authentication dialog appears on web client's screen and every one seems to be able to browse my site. If I have only one user in the realm then no problem, the authentication process occurs. (realm is basic).
> ** When I use a realm with digest authentication (no matter how many users are in this realm), no authentication dialog box appears on the client's browser and every one can browse my site.

^^ Neither Netscape nor M$IE browsers currently support this. Opera is the only browser I know, which provides built-in Digest Access Authentication support.

> I did the same test with Pi3web configured with SSL :
> ** whatever the authentication scheme is for the realm which protects a directory or whatever the number of users in the relevant realm is, no authentication dialog box appears on the client's side, but nobody can access the protected directory.

^^ Refer to above. It is independent from SSL. Btw., SSL. There is a known and documented (http://marc.theaimsgroup.com/?t=100724237500001&r=1&w=2 an archive of the openssl-users mailing list) problem with openssl and Netscape 6.2, which leads to a connection timeout, if the site contains e.g. images, which will induce HTTP sub-requests. This seems to be caused by a strange multithreading behaviour of the Netscape browser. The browser opens a 2nd SSL connection in parallel to the primary, and waits to start with the SSL handshake, until the server closes the first. The openssl does the opposite: keeps the first open, waiting for more data from the browser...

> Did you experience this kind of problem ?

^^ Yes, the browser vendors should integrate this, because it is an open standard, much more secure than basic auth. (however basic auth. through SSL is similar). For NT server the NTLM could be used, which is based on NT challenge response. The user management is then moved from server to the OS.

> I'm quite sure I've missed something but I don't know what...

^^ Now you know it. It isn't you, who misses something.

> Thank you for your help.
>
> Moreover I would suggest a potential improvement which I think is a more user friendly way to manage users and realms :
> 1. create a table of users
> 2. create a table of realms
> 3. populate each realm with users you can pick from the list of users (so that you allow a user to be in more than one group) and (if possible) populate the realms with other realms...

^^ Yip, very good idea, I still made this proposal to John Roy, when I was a newbie with Pi3Web. Now I maintain and develop the whole Pi3Web but unfortunately, haven't found the time in order to realize this.

> Thank you for your help.

^^ You're welcome.

> Raphael

--
regards
Holger

TMTOWTDI - There's More Than One Way To Do It - Perl motto
----------------------------------------------------------
Holger 'zimpel' Zimmermann
----------------------------------------------------------
Wendishain Germany
----------------------------------------------------------
http://home.t-online.de/home/zimpel/
http://pi3web.sourceforge.net/
mailto:zi...@t-...
----------------------------------------------------------
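The following is an added example, not part of the original message and not Pi3Web code: a server-side check of Basic and Digest (RFC 2617, MD5, qop=auth) credentials against realms holding more than one user, showing that Basic sends a reversible password while Digest sends a hash bound to the server's nonce. The realm names come from the thread; the users, passwords, helper names and the pre-parsed `fields` dictionary are assumptions made for the illustration.

```python
import base64, hashlib, hmac

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def ha1(user, realm, password):
    # RFC 2617 A1 hash; the server can store this instead of the password.
    return md5_hex(f"{user}:{realm}:{password}")

def digest_response(ha1_hex, method, uri, nonce, nc, cnonce, qop="auth"):
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1_hex}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")

# Constructed user table: realm names from the thread, users and passwords invented.
REALMS = {
    "Private_Users": {u: ha1(u, "Private_Users", p)
                      for u, p in [("alice", "wonder"), ("bob", "builder")]},
    "High_Level_Users": {"carol": ha1("carol", "High_Level_Users", "s3cret")},
}

def check_basic(realm, header):
    """Return the user name if the Basic header matches a user of the realm."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # The password is only base64-encoded: anyone who sees the header reads it.
        user, sep, password = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:
        return None
    stored = REALMS.get(realm, {}).get(user)
    if sep and stored and hmac.compare_digest(stored, ha1(user, realm, password)):
        return user
    return None

def check_digest(realm, method, fields, issued_nonce):
    """fields: the already-parsed parameters of a Digest Authorization header."""
    stored = REALMS.get(realm, {}).get(fields.get("username"))
    if not stored or fields.get("realm") != realm or fields.get("qop") != "auth":
        return None
    if fields.get("nonce") != issued_nonce:  # the response must answer our challenge
        return None
    expected = digest_response(stored, method, fields.get("uri", ""), issued_nonce,
                               fields.get("nc", ""), fields.get("cnonce", ""))
    sent = fields.get("response", "")
    return fields["username"] if hmac.compare_digest(expected.encode(), sent.encode()) else None
```

A production server would also track the nonce count and expire nonces; the sketch checks only that the response answers the nonce the server issued.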